PT-2020-19850 · Mongodb · Mongodb Server+1
Published: 2020-11-23 · Updated: 2024-09-17 · CVE-2020-7925
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
MongoDB Server versions prior to 4.4.0-rc12
MongoDB Server versions prior to 4.2.9
Description
The issue is caused by incorrect validation of user input in the role name parser, which may lead to the use of uninitialized memory. This allows an unauthenticated attacker to use a specially crafted request to cause a denial of service.
Recommendations
For MongoDB Server versions prior to 4.4.0-rc12, update to version 4.4.0-rc12 or later.
For MongoDB Server versions prior to 4.2.9, update to version 4.2.9 or later.
Fix
DoS
RCE
Affected Products
Mongodb Server
Mongodb