First published: Mon Nov 23 2020
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 versions prior to 3.6.9 and MongoDB Server v4.0 versions prior to 4.0.3.
Credit: cna@mongodb.com
Affected Software | Affected Version | How to fix |
---|---|---|
MongoDB MongoDB | >=3.6.0, <3.6.9 | |
MongoDB MongoDB | >=4.0.0, <4.0.3 | |
CVE-2018-20802 is a vulnerability that allows a user authorized to perform database queries to trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner.
CVE-2018-20802 affects MongoDB Server v3.6 versions prior to 3.6.9 and v4.0 versions prior to 4.0.3.
CVE-2018-20802 can be exploited by a user authorized to perform database queries by issuing specially crafted queries with compound indexes affecting QueryPlanner.
CVE-2018-20802 has a severity level of medium.
Yes, a fix for CVE-2018-20802 is available in MongoDB Server v3.6.9 and v4.0.3.