Description

A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and MongoDB Server v3.6 versions prior to 3.6.13.

Remediation

References

CVE-2018-20804

Related Vulnerabilities

WordPress Plugin Chained Quiz Cross-Site Scripting (1.1.8.1)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2100)

Oracle Application Server CVE-2007-5520 Vulnerability (CVE-2007-5520)

PostgreSQL Improper Access Control Vulnerability (CVE-2019-10128)

Jboss EAP Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2016-4993)

Severity

Medium

Classification

CVE-2018-20804 CWE-20 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities