CVE-2021-20329 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.8 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
mongodb	CNA	6.8 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 41%

Affected Products (NVD)

Vendor	Product	Version
mongodb	go_driver	𝑥 ≤ 1.5.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

mongodb

bionic	needs-triage
focal	needs-triage
groovy	dne
hirsute	dne
impish	dne
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	needs-triage
xenial	needs-triage

Common Weakness Enumeration

CWE-1287 - Improper Validation of Specified Type of Input
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1

https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1