Description

A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 versions prior to 4.2.8 and MongoDB Server v4.0 versions prior to 4.0.19.

Remediation

References

CVE-2020-7923

Related Vulnerabilities

WordPress Plugin Husker Portfolio Cross-Site Request Forgery (0.3)

GeoServer Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-36401)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5323)

PHP HTTP POST incorrect MIME header parsing vulnerability

WordPress Improper Restriction of XML External Entity Reference Vulnerability (CVE-2021-29447)

Severity

Medium

Classification

CVE-2020-7923 CWE-755 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities