Description
A user authorized to perform a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11.
Remediation
References