BIT-mongodb-2020-7923

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/mongodb/BIT-mongodb-2020-7923.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-mongodb-2020-7923
Aliases
Published
2024-03-06T10:59:03.972Z
Modified
2025-04-03T14:40:37.652Z
Summary
[none]
Details

A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 versions prior to 4.2.8 and MongoDB Server v4.0 versions prior to 4.0.19.

Database specific
{
    "cpes": [
        "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / mongodb

Package

Name
mongodb
Purl
pkg:bitnami/mongodb

Severity

  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
4.0.0
Fixed
4.0.19
Introduced
4.2.0
Fixed
4.2.8
Introduced
4.4.0
Fixed
4.4.0