Описание
A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11.
An improper input validation flaw causing a denial-of-service found in MongoDB. An attacker can perform a specific type of query which issues a generic explain command on a find query causing denial-of-service. The highest threat from this vulnerability is to the system availability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | mongodb | Out of support scope | ||
| Red Hat OpenStack Platform 10 (Newton) | mongodb | Out of support scope | ||
| Red Hat Software Collections | rh-mongodb36-mongodb | Will not fix | ||
| Red Hat Update Infrastructure 3 for Cloud Providers | mongodb | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
4.9 Medium
CVSS3
Связанные уязвимости
A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11.
A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11.
A user authorized to performing a specific type of query may trigger a ...
A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.6; MongoDB Server v3.6 versions prior to 3.6.11.
EPSS
4.9 Medium
CVSS3