CVE-2021-32037
Published 2021-11-24
Priority: P4 · 33 · medium · CVSS 3.1: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.18% (63.8th percentile)
An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth enabled environment. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.2.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mongodb | mongodb | 5.0.0 – 5.0.2 | — |
| mongodb_inc | mongodb_server | 5.0 – 5.0.2 | — |
CVSS provenance
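| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| osv | — | 6.5 | MEDIUM | — |
| vendor_redhat | — | 6.5 | MEDIUM | — |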
GHSA
GHSA-8v5c-chfg-fcjx: An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard
ghsa_unreviewed·2022-05-24
CVE-2021-32037 [MEDIUM] CWE-617 GHSA-8v5c-chfg-fcjx: An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard
An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth enabled environment.
OSV
CVE-2021-32037: An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard
osv·2021-11-24·CVSS 6.5
CVE-2021-32037 [MEDIUM] CVE-2021-32037: An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard
An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth enabled environment. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.2.
Red Hat
mongodb: Using $sample can trigger invariant when connecting directly to shards
vendor_redhat·2021-11-24·CVSS 6.5
CVE-2021-32037 [MEDIUM] CWE-617 mongodb: Using $sample can trigger invariant when connecting directly to shards
An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth enabled environment. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.2.
An assertion flaw was found in the mongodb server where an aggregation request could trigger an invariant. An authorized user could exploit this flaw by sending a relevant aggregation request to a shard, which could result in a denial of service or server exit. Requests are usually sent via mongos and speci
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-11-24