Description

A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11.

Remediation

References

CVE-2018-25004

Related Vulnerabilities

WordPress Plugin cloudsafe365_for_WP 'file' Parameter Remote File Disclosure (1.46)

WordPress Plugin dsSearchAgent:WordPress Edition Cross-Site Scripting (1.0-beta10)

AbanteCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-10755)

Oracle Database Server CVE-2014-4236 Vulnerability (CVE-2014-4236)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-2138)

Severity

Medium

Classification

CVE-2018-25004 CWE-20 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities