CVE-2021-32036
MEDIUMMongoDB 4.0-4.2.16 4.4-4.4.9 5.0-5.0.3 - Authenticated Denial of Service via Features Command
Title source: llmDescription
An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.3; MongoDB Server v4.4 versions prior to and including 4.4.9; MongoDB Server v4.2 versions prior to and including 4.2.16 and MongoDB Server v4.0 versions prior to and including 4.0.28
References (1)
Core 1
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://jira.mongodb.org/browse/SERVER-59294
Scores
CVSS v3
5.4
EPSS
0.0102
EPSS Percentile
58.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-770
Status
published
Products (1)
mongodb/mongodb
2.0.0 - 4.2.18
Published
Feb 04, 2022
Tracked Since
Feb 18, 2026