5.0.2

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

mongodb

CWE-617

NVD

Published: 2021-11-24

Updated: 2024-01-23

Summary

An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth enabled environment. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.2.

Vulnerable Configurations

Part	Description	Count
Application	Mongodb Mongodb Mongodb 5.0.0 Mongodb Mongodb 5.0.1 Mongodb Mongodb 5.0.2	16

Common Weakness Enumeration (CWE)

CWE-617 - Reachable Assertion

References

https://jira.mongodb.org/browse/SERVER-59071