First published: Mon Nov 23 2020
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which perform an $elemMatch operation. This issue affects MongoDB Server v4.0 versions prior to 4.0.5 and MongoDB Server v3.6 versions prior to 3.6.10.
Credit: cna@mongodb.com
Affected Software | Affected Version | How to fix
---|---|---
MongoDB Server | >=3.6.0, <3.6.10 | Upgrade to 3.6.10
MongoDB Server | >=4.0.0, <4.0.5 | Upgrade to 4.0.5
CVE-2018-20805 is a vulnerability that allows a user with database query privileges to cause denial of service by executing specially crafted queries.
MongoDB Server v4.0 versions prior to 4.0.5 and v3.6 versions prior to 3.6.10 are affected by CVE-2018-20805.
An attacker can exploit CVE-2018-20805 by issuing specially crafted queries that perform an $elemMatch operation.
CVE-2018-20805 has a severity rating of medium with a CVSS score of 6.5.
MongoDB Inc. released fixes for CVE-2018-20805 in MongoDB Server versions 4.0.5 and 3.6.10.