CVE-2018-20804

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-20804

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20804.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-20804

Related

UBUNTU-CVE-2018-20804

Published

2020-11-23T16:15:12Z

Modified

2025-02-19T02:38:35.690607Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and MongoDB Server v3.6 versions prior to 3.6.13.

References

https://jira.mongodb.org/browse/SERVER-35636

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type: GIT
Repo: https://github.com/mongodb/mongo
Events: Introduced

a57d8e71e6998a2d0afde7edc11bd23e5661c915

Fixed

db3c76679b7a3d9b443a0e1b3e45ed02b88c539f

Affected versions

r3.*

r3.6.0

r3.6.1

r3.6.1-rc0

r3.6.1-rc1

r3.6.10

r3.6.10-rc0

r3.6.10-rc1

r3.6.11

r3.6.11-rc0

r3.6.11-rc1

r3.6.11-rc2

r3.6.12

r3.6.12-rc0

r3.6.12-rc1

r3.6.13-rc0

r3.6.2

r3.6.2-rc0

r3.6.3

r3.6.3-rc0

r3.6.3-rc1

r3.6.4

r3.6.4-rc0

r3.6.5

r3.6.5-rc0

r3.6.6

r3.6.6-rc0

r3.6.7

r3.6.7-rc0

r3.6.7-rc1

r3.6.8

r3.6.8-rc0

r3.6.8-rc1

r3.6.9

r3.6.9-rc0