CVE-2019-20923

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-20923

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20923.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-20923

Related

UBUNTU-CVE-2019-20923

Published

2020-11-23T16:15:12Z

Modified

2025-01-14T07:57:11.570133Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7.

References

https://jira.mongodb.org/browse/SERVER-39481

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type: GIT
Repo: https://github.com/mongodb/mongo
Events: Introduced

3b07af3d4f471ae89e8186d33bbb1d5259597d51

Fixed

1b82c812a9c0bbf6dc79d5400de9ea99e6ffa025

Affected versions

r4.*

r4.0.0

r4.0.1

r4.0.1-rc0

r4.0.1-rc1

r4.0.2

r4.0.2-rc0

r4.0.3

r4.0.3-rc0

r4.0.4

r4.0.4-rc0

r4.0.4-rc1

r4.0.4-rc2

r4.0.5

r4.0.5-rc0

r4.0.5-rc1

r4.0.6

r4.0.6-rc0

r4.0.6-rc1

r4.0.7-rc0