BIT-mongodb-2020-7925

Import Source
https://github.com/bitnami/vulndb/tree/main/data/mongodb/BIT-mongodb-2020-7925.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-mongodb-2020-7925
Aliases
Published
2024-03-06T10:58:54.976Z
Modified
2025-05-20T10:02:07.006Z
Summary
Denial of Service when processing malformed Role names
Details

Incorrect validation of user input in the role name parser may lead to use of uninitialized memory, allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9.

Database specific
{
    "cpes": [
        "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:mongodb:mongodb:4.4.0:rc10:*:*:*:*:*:*",
        "cpe:2.3:a:mongodb:mongodb:4.4.0:rc11:*:*:*:*:*:*",
        "cpe:2.3:a:mongodb:mongodb:4.4.0:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:mongodb:mongodb:4.4.0:rc2:*:*:*:*:*:*",
        "cpe:2.3:a:mongodb:mongodb:4.4.0:rc3:*:*:*:*:*:*",
        "cpe:2.3:a:mongodb:mongodb:4.4.0:rc4:*:*:*:*:*:*",
        "cpe:2.3:a:mongodb:mongodb:4.4.0:rc5:*:*:*:*:*:*",
        "cpe:2.3:a:mongodb:mongodb:4.4.0:rc6:*:*:*:*:*:*",
        "cpe:2.3:a:mongodb:mongodb:4.4.0:rc7:*:*:*:*:*:*",
        "cpe:2.3:a:mongodb:mongodb:4.4.0:rc8:*:*:*:*:*:*",
        "cpe:2.3:a:mongodb:mongodb:4.4.0:rc9:*:*:*:*:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / mongodb

Package

Name
mongodb
Purl
pkg:bitnami/mongodb

Severity

  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected ranges

Type
SEMVER
Events
Introduced
4.2.0
Fixed
4.2.9