{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T11:23:56.362","vulnerabilities":[{"cve":{"id":"CVE-2021-32036","sourceIdentifier":"cna@mongodb.com","published":"2022-02-04T23:15:11.490","lastModified":"2024-11-21T06:06:45.330","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.3; MongoDB Server v4.4 versions prior to and including 4.4.9; MongoDB Server v4.2 versions prior to and including 4.2.16 and MongoDB Server v4.0 versions prior to and including 4.0.28"},{"lang":"es","value":"Un usuario autenticado sin ninguna autorización específica puede ser capaz de invocar repetidamente el comando features donde a un alto volumen puede conllevar a un agotamiento de recursos o generar una alta contención de bloqueos. Esto puede resultar en una denegación de servicio y, en casos raros, podría resultar en colisiones del campo id"}],"metrics":{"cvssMetricV31":[{"source":"cna@mongodb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:P","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@mongodb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"4.2.18","matchCriteriaId":"F347D870-DC73-48A2-9D83-339095FD1AC0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.4.10","matchCriteriaId":"246D91DC-DC1E-4521-88D5-0915D4152A0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.4","matchCriteriaId":"F8601A2F-3061-47D5-8E27-5FEC58D25637"}]}]}],"references":[{"url":"https://jira.mongodb.org/browse/SERVER-59294","source":"cna@mongodb.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://jira.mongodb.org/browse/SERVER-59294","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]}]}}]}