CVE-2021-20333
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. This issue affects MongoDB Server v3.6 versions prior to 3.6.20; MongoDB Server v4.0 versions prior to 4.0.21 and MongoDB Server v4.2 versions prior to 4.2.10.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| MongoDB Inc. | MongoDB Server | 3.6 < 3.6.20 | affected |
| MongoDB Inc. | MongoDB Server | 4.0 < 4.0.21 | affected |
| MongoDB Inc. | MongoDB Server | 4.2 < 4.2.10 | affected |
Weaknesses
- CWE-117: CWE-117 Improper Output Neutralization for Logs
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.