CVE-2018-20804

State: PUBLISHED · Published: 2020-11-23 · Updated: 2024-09-17 · Assigner: mongodb

Description

A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and MongoDB Server v3.6 versions prior to 3.6.13.

CWE

CWE-20 — CWE-20 Improper Input Validation

Affected

MongoDB Inc. / MongoDB Server — v=3.6 <3.6.13 [affected]; v=4.0 <4.0.10 [affected]

CVSS

3.1 score=6.5 severity=MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

https://jira.mongodb.org/browse/SERVER-35636 x_refsource_CONFIRM

Source

cvelistV5-main/cves/2018/20xxx/CVE-2018-20804.json