Bug 2051953 (CVE-2021-32036)
| Summary: | CVE-2021-32036 mongodb: Repeatedly invoking the features command at a high volume may lead to resource depletion | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vipul Nair <vinair> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | amctagga, athomas, bbuckingham, bcourt, bkearney, btotty, dbecker, ehelms, jjoyce, jschluet, jsherril, lhh, lpeer, lzap, mburns, mhulan, mmccune, myarboro, nmoumoul, orabin, pcreech, rchan, sclewis, slinaber |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | mongodb-4.2.18 mongodb-4.4.10 mongodb-5.0.4 mongodb-5.1.0-rc0 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in the MongoDB database when repeatedly invoking the features command. This flaw allows an authenticated attacker without any specific authorizations to repeatedly invoke commands, leading to resource depletion or the generation of high lock contention.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-05-31 21:43:39 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2051946 | ||
|
Description
Vipul Nair
2022-02-08 11:49:22 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-32036 |