MongoDB · MongoDB Server · CVE-2020-7929
**Name of the Vulnerable Software and Affected Versions**
MongoDB Server versions prior to 3.6.21
MongoDB Server versions prior to 4.0.20
**Description**
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries containing a type of regex. This issue is related to insufficient processing of regular expressions, which may allow a remote attacker to cause a denial of service or elevate their privileges.
**Recommendations**
For MongoDB Server versions prior to 3.6.21, update to version 3.6.21 or later.
For MongoDB Server versions prior to 4.0.20, update to version 4.0.20 or later.
As a temporary workaround, consider restricting the use of regex in database queries to minimize the risk of exploitation.
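One way to apply the workaround at the application layer, as an added example (not code from MongoDB or from this advisory): a pre-flight check that walks a query filter and rejects any regex before the filter is handed to the driver. The function names and sample filters are hypothetical, and it assumes filters arrive as Python dicts and lists.

```python
import re
from collections.abc import Mapping

# Operator keys that carry a regular expression in a MongoDB query filter.
REGEX_OPERATORS = {"$regex", "$options"}


def _is_regex_object(value):
    # Compiled Python patterns, plus driver regex wrappers that expose
    # .pattern and .flags (duck-typed so no driver import is needed).
    return isinstance(value, re.Pattern) or (
        hasattr(value, "pattern") and hasattr(value, "flags"))


def find_regex_paths(query, path=""):
    """Return the paths inside a query filter where a regex is used.

    Covers the {"field": {"$regex": ...}} operator form and regex objects,
    including ones nested under $in, $or, $and, $not and similar operators.
    """
    hits = []
    if _is_regex_object(query):
        hits.append(path or "<root>")
    elif isinstance(query, Mapping):
        for key, value in query.items():
            child = f"{path}.{key}" if path else str(key)
            if key in REGEX_OPERATORS:
                hits.append(child)
            else:
                hits.extend(find_regex_paths(value, child))
    elif isinstance(query, (list, tuple)):
        for i, item in enumerate(query):
            hits.extend(find_regex_paths(item, f"{path}[{i}]"))
    return hits


def reject_regex(query):
    """Raise ValueError if the filter contains any regex; else return it."""
    hits = find_regex_paths(query)
    if hits:
        raise ValueError("regex not allowed in query at: " + ", ".join(hits))
    return query


# Constructed sample filters (not taken from the advisory).
SAFE = {"status": "active", "$or": [{"a": 1}, {"b": {"$in": [1, 2]}}]}
WITH_OPERATOR = {"name": {"$regex": "^adm", "$options": "i"}}
WITH_NESTED = {"$or": [{"a": 1}, {"tags": {"$in": [re.compile("^x"), "y"]}}]}
```

Call `reject_regex(filter)` on every filter built from untrusted input; it complements the version update and does not replace it.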