CVE-2018-20805

Опубликовано: 23 нояб. 2020

Источник: redhat

CVSS3: 6.5

Описание

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch . This issue affects MongoDB Server v4.0 versions prior to 4.0.5 and MongoDB Server v3.6 versions prior to 3.6.10.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Advanced Cluster Management for Kubernetes 2	mongodb	Not affected
Red Hat OpenStack Platform 10 (Newton)	mongodb	Out of support scope
Red Hat Software Collections	rh-mongodb36-mongodb	Will not fix
Red Hat Update Infrastructure 3 for Cloud Providers	mongodb	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-835

https://bugzilla.redhat.com/show_bug.cgi?id=1900854mongodb: Denial of service via crafted queries which perform an $elemMatch

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2018-20805

CVSS3: 6.5

ubuntu

около 5 лет назад

CVE-2018-20805

CVSS3: 6.5

nvd

около 5 лет назад

CVE-2018-20805

CVSS3: 6.5

debian

около 5 лет назад

A user authorized to perform database queries may trigger denial of se ...

GHSA-h55v-wgpx-c3rf

CVSS3: 6.5

github

больше 3 лет назад

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10. This issue affects: MongoDB Inc. MongoDB Server 3.6 versions prior to 3.6.10; 4.0 versions prior to 4.0.5.

6.5 Medium

CVSS3