First published: Fri Aug 21 2020
A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 versions prior to 4.2.8 and MongoDB Server v4.0 versions prior to 4.0.19.
Credit: cna@mongodb.com
Affected Software | Affected Version | How to fix |
---|---|---|
MongoDB MongoDB | >=4.0, <4.0.19 | |
MongoDB MongoDB | >=4.2, <4.2.8 | |
MongoDB MongoDB | >=4.4, <4.4.0 | |
CVE-2020-7923 is a vulnerability that allows a user authorized to perform database queries to cause denial of service by issuing specially crafted queries on MongoDB Server versions prior to 4.4.0-rc7.
CVE-2020-7923 affects MongoDB Server v4.4 versions prior to 4.4.0-rc7, v4.2 versions prior to 4.2.8, and v4.0 versions prior to 4.0.19.
The severity of CVE-2020-7923 is medium with a severity value of 6.5.
To fix CVE-2020-7923, upgrade MongoDB Server to 4.4.0-rc7 or later on the 4.4 branch, 4.2.8 or later on the 4.2 branch, or 4.0.19 or later on the 4.0 branch.
You can find more information about CVE-2020-7923 on the MongoDB Jira page: https://jira.mongodb.org/browse/SERVER-47773
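
The following is an added example, not code from MongoDB or from this advisory: a version check for triaging a server inventory against the fixed releases named above, including the release-candidate ordering on the 4.4 branch. The host names and the `not-listed` label are assumptions; branches the advisory does not mention are reported as not listed rather than as safe.

```python
import re

# First fixed release per branch, taken from the advisory text above.
FIXED = {(4, 0): "4.0.19", (4, 2): "4.2.8", (4, 4): "4.4.0-rc7"}

# Accepts strings such as "4.2.7", "v4.4.0-rc6" or "4.0.18-12-gabcdef".
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-rc(\d+))?")


def parse(version):
    """Return a sortable key (major, minor, patch, is_final, rc_number)."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised MongoDB version: {version!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    rc = m.group(4)
    # A release candidate sorts before the final release of the same x.y.z.
    if rc is not None:
        return (major, minor, patch, 0, int(rc))
    return (major, minor, patch, 1, 0)


def status(version):
    """Classify one version string as affected, fixed or not-listed."""
    key = parse(version)
    fixed = FIXED.get(key[:2])
    if fixed is None:
        return "not-listed"  # assumption: the advisory says nothing about it
    return "affected" if key < parse(fixed) else "fixed"


def triage(inventory):
    """Map each host to the status of the version it reports."""
    return {host: status(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory: hypothetical host names and reported versions.
    sample = {
        "db-a": "4.0.18",
        "db-b": "4.2.8",
        "db-c": "v4.4.0-rc6",
        "db-d": "4.4.0",
        "db-e": "3.6.18",
    }
    for host, result in sorted(triage(sample).items()):
        print(f"{host}: {result}")
```
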