CVE-2021-32036
Denial of Service and Data Integrity vulnerability in features command
7.1
HIGH
CVSS 3.1
EPSS 0.15%
Description
An authenticated user without any specific authorizations may be able to repeatedly invoke the features command, which at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.3; MongoDB Server v4.4 versions prior to and including 4.4.9; MongoDB Server v4.2 versions prior to and including 4.2.16; and MongoDB Server v4.0 versions prior to and including 4.0.28.
How to fix CVE-2021-32036
To fix CVE-2021-32036, upgrade the affected package to one of the patched versions listed below.
- Upgrade to 4.2.18 or later
Is CVE-2021-32036 being exploited?
Low: EPSS is 0.2%, and no large-scale exploitation activity has been observed so far.
Affected packages (1)
- >= 2.0.0, < 4.2.18; >= 4.4.0, < 4.4.10; >= 5.0.0, < 5.0.4
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H |