Back to bug 2026509
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Pedro Sampaio | 2021-11-24 22:04:28 UTC | Comment | 0 | updated |
| Pedro Sampaio | 2021-11-24 22:04:49 UTC | Blocks | 2026510 | |
| Summer Long | 2021-11-30 06:48:47 UTC | Fixed In Version | mongodb 5.0.3 | |
| Summer Long | 2021-12-02 00:16:52 UTC | Doc Text | An assertion flaw was found in the mongodb server where an aggregation request could trigger an invariant. An authorized attacker could exploit this flaw by sending a relevant aggregation request to a shard, which could result in a Denial of Service or server exit. Requests are usually sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth-enabled environment. | |
| Eric Christensen | 2021-12-06 20:33:16 UTC | Depends On | 2028482 | |
| Doc Text | An assertion flaw was found in the mongodb server where an aggregation request could trigger an invariant. An authorized attacker could exploit this flaw by sending a relevant aggregation request to a shard, which could result in a Denial of Service or server exit. Requests are usually sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth-enabled environment. | An assertion flaw was found in the mongodb server where an aggregation request could trigger an invariant. An authorized user could exploit this flaw by sending a relevant aggregation request to a shard, which could result in a denial of service or server exit. Requests are usually sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth-enabled environment. | ||
| Red Hat Bugzilla | 2023-07-07 08:31:02 UTC | Assignee | security-response-team | nobody |
Back to bug 2026509