VYPR

Bitnami package

mongodb

pkg:bitnami/mongodb

Vulnerabilities (70)

  • CVE-2021-20330 (Dec 15, 2021)
    affected >= 4.0.0, < 4.0.25; fixed 4.0.25

    An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2

  • CVE-2021-32037 (Nov 24, 2021)
    affected >= 5.0.0, < 5.0.3; fixed 5.0.3

    An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to l

  • CVE-2021-20333 (Jul 23, 2021)
    affected >= 3.6.0, < 3.6.20; fixed 3.6.20

    Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or in log entries being split. This issue affects MongoDB Server v3.6 versions prior to 3.6.20; MongoDB Server v4.0 versions prior to 4.0.21 and MongoDB Server v4.2 versio

  • CVE-2021-20326 (Apr 30, 2021)
    affected >= 4.4.0, < 4.4.4; fixed 4.4.4

    A user authorized to perform a specific type of find query may trigger a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.4.

  • CVE-2020-7929 (Mar 1, 2021)
    affected >= 3.6.0, < 3.6.21; fixed 3.6.21

    A user authorized to perform database queries may trigger denial of service by issuing a specially crafted query containing a type of regex. This issue affects MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20.

  • CVE-2020-7928 (Nov 23, 2020)
    affected >= 3.6.0, < 3.6.20; fixed 3.6.20

    A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects MongoDB Server v4.4 versions prior to 4.4.1; MongoDB Server v4.2 versions prior to 4.2.9; MongoDB Server v4.0 versions pri

  • CVE-2020-7926 (Nov 23, 2020)
    affected >= 4.4.0, < 4.4.1; fixed 4.4.1

    A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects MongoDB Server v4.4 versions prior to 4.4.1. Versions before 4.4 are not affected.

  • CVE-2020-7925 (Nov 23, 2020)
    affected >= 4.2.0, < 4.2.9; fixed 4.2.9

    Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Se

  • CVE-2020-7923 (Aug 21, 2020)
    affected >= 4.0.0, < 4.0.19; fixed 4.0.19

    A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 version

  • CVE-2020-7921 (May 6, 2020)
    affected >= 3.6.0, < 3.6.18; fixed 3.6.18

    Improper serialization of internal state in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versio

Page 4 of 4