PT-2022-10062 · Mongodb · Mongodb Server

Sara Golemon · Published 2022-02-04 · Updated 2024-09-17

CVE-2021-32036

CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions

MongoDB Server versions prior to and including 5.0.3
MongoDB Server versions prior to and including 4.4.9
MongoDB Server versions prior to and including 4.2.16
MongoDB Server versions prior to and including 4.0.28
Description

An authenticated user without specific authorizations may repeatedly invoke the features command at a high volume, leading to resource depletion or high lock contention. This may result in denial of service and, in rare cases, could result in id field collisions.
Recommendations

For MongoDB Server versions prior to and including 5.0.3, update to a version later than 5.0.3 to resolve the issue.
For MongoDB Server versions prior to and including 4.4.9, update to a version later than 4.4.9 to resolve the issue.
For MongoDB Server versions prior to and including 4.2.16, update to a version later than 4.2.16 to resolve the issue.
For MongoDB Server versions prior to and including 4.0.28, update to a version later than 4.0.28 to resolve the issue.

As a temporary workaround, consider restricting access to the features command to minimize the risk of exploitation.

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

ALT-PU-2022-2871
BIT-MONGODB-2021-32036
CVE-2021-32036

Affected Products

Alt Linux
Mongodb Server
Mongodb