BIT-mongodb-2020-7925

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/mongodb/BIT-mongodb-2020-7925.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-mongodb-2020-7925
Aliases
Published
2024-03-06T10:58:54.976Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9.

References

Affected packages

Bitnami / mongodb

Package

Name
mongodb
Purl
pkg:bitnami/mongodb

Severity

  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
4.2.0
Fixed
4.2.9
Type
SEMVER
Events
Introduced
4.4.0-rc1
Last affected
4.4.0-rc1
Introduced
4.4.0-rc10
Last affected
4.4.0-rc10
Introduced
4.4.0-rc11
Last affected
4.4.0-rc11
Introduced
4.4.0-rc2
Last affected
4.4.0-rc2
Introduced
4.4.0-rc3
Last affected
4.4.0-rc3
Introduced
4.4.0-rc4
Last affected
4.4.0-rc4
Introduced
4.4.0-rc5
Last affected
4.4.0-rc5
Introduced
4.4.0-rc6
Last affected
4.4.0-rc6
Introduced
4.4.0-rc7
Last affected
4.4.0-rc7
Introduced
4.4.0-rc8
Last affected
4.4.0-rc8
Introduced
4.4.0-rc9
Last affected
4.4.0-rc9