First published: Fri Jul 23 2021
Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or in existing log entries being split. This issue affects MongoDB Server v3.6 versions prior to 3.6.20, MongoDB Server v4.0 versions prior to 4.0.21, and MongoDB Server v4.2 versions prior to 4.2.10.
Credit: cna@mongodb.com
Affected Software | Affected Version | How to fix |
---|---|---|
MongoDB MongoDB | >=3.6.0 <3.6.20 | |
MongoDB MongoDB | >=4.0.0 <4.0.21 | |
MongoDB MongoDB | >=4.2.0 <4.2.10 | |
CVE-2021-20333 is a vulnerability in MongoDB Server: when specially crafted commands are sent to the server, artificial log entries can be generated or log entries can be split.
MongoDB Server v3.6 versions prior to 3.6.20, MongoDB Server v4.0 versions prior to 4.0.21, and MongoDB Server v4.2 versions prior to 4.2.10 are affected.
CVE-2021-20333 has a severity rating of 5.3, which is considered medium.
To fix CVE-2021-20333, update MongoDB Server to v3.6.20, v4.0.21, or v4.2.10 or later versions.
You can find more information about CVE-2021-20333 in the MongoDB Jira issue: SERVER-50605.
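To triage a fleet against the affected ranges listed above, the following added example (not code from MongoDB or from this advisory) classifies version strings, including the `db version vX.Y.Z` line printed by `mongod --version`. The function names and the sample hostnames are hypothetical, and treating a pre-release build of a fixed version (such as `4.2.10-rc0`) as still affected is an assumption.

```python
import re

# Fixed patch release per affected branch, taken from the advisory text.
FIXED = {(3, 6): 20, (4, 0): 21, (4, 2): 10}

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?")


def parse_version(text):
    """Return (major, minor, patch, is_prerelease) from a version string."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no MongoDB version found in {text!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    return major, minor, patch, bool(m.group(4))


def triage(text):
    """Classify one version as (status, upgrade_target).

    status is 'affected', 'fixed', or 'not-listed' (branch not named in
    the advisory, so nothing is claimed about it either way).
    """
    major, minor, patch, prerelease = parse_version(text)
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "not-listed", None
    # Assumption: an -rc build of the fixed version predates the fix.
    if patch < fixed_patch or (patch == fixed_patch and prerelease):
        return "affected", f"{major}.{minor}.{fixed_patch}"
    return "fixed", None


def triage_inventory(inventory):
    """Map each host to its (status, upgrade_target) pair."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed sample inventory; hostnames are placeholders.
SAMPLE_INVENTORY = {
    "db-a.example.internal": "db version v3.6.19",
    "db-b.example.internal": "4.0.21",
    "db-c.example.internal": "4.2.10-rc0",
    "db-d.example.internal": "4.4.1",
}

if __name__ == "__main__":
    for host, (status, target) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}" + (f", upgrade to {target} or later" if target else ""))
```
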