VYPR
Medium severity6.5NVD Advisory· Published Dec 15, 2021· Updated Jun 17, 2026

CVE-2021-20330

CVE-2021-20330

Description

An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • MongoDB/Serverllm-fuzzy
    Range: v4.0 < 4.0.27, v4.2 < 4.2.16, v4.4 < 4.4.9
  • osv-coords
    Range: >= 4.0.0, < 4.0.25
  • MongoDB Inc./MongoDB Serverv5
    Range: 4.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.