PT-2021-8843 · Mongodb · Mongodb Server+1
Published
2021-03-01
·
Updated
2024-09-17
·
CVE-2018-25004
CVSS v3.1
4.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
MongoDB Server versions prior to 4.0.6
MongoDB Server versions prior to 3.6.11
Description
A user authorized to perform a specific type of query may trigger a denial of service by issuing a generic explain command on a find query.
Recommendations
For MongoDB Server versions prior to 4.0.6, update to version 4.0.6 or later.
For MongoDB Server versions prior to 3.6.11, update to version 3.6.11 or later.
As a temporary workaround, consider restricting access to the explain command on find queries until a patch is available.
Fix
DoS
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mongodb Server
Mongodb