Description
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch . This issue affects MongoDB Server v4.0 versions prior to 4.0.5 and MongoDB Server v3.6 versions prior to 3.6.10.
Published: 2020-11-23
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2018-13347 A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch . This issue affects MongoDB Server v4.0 versions prior to 4.0.5 and MongoDB Server v3.6 versions prior to 3.6.10.
History

Tue, 17 Sep 2024 03:15:00 +0000

Type Values Removed Values Added
Description A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch . This issue affects MongoDB Server v4.0 versions prior to 4.0.5 and MongoDB Server v3.6 versions prior to 3.6.10. A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch . This issue affects MongoDB Server v4.0 versions prior to 4.0.5 and MongoDB Server v3.6 versions prior to 3.6.10.

Subscriptions

Mongodb Mongodb
cve-icon MITRE

Status: PUBLISHED

Assigner: mongodb

Published:

Updated: 2024-09-17T03:08:29.011Z

Reserved: 2019-03-15T00:00:00.000Z

Link: CVE-2018-20805

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-11-23T16:15:12.277

Modified: 2024-11-21T04:02:13.113

Link: CVE-2018-20805

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-11-23T00:00:00Z

Links: CVE-2018-20805 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses