First published: Fri Feb 26 2021
A user authorized to perform database queries may trigger denial of service by issuing a specially crafted query containing a type of regex. This issue affects MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20.
Credit: cna@mongodb.com
Affected Software | Affected Version | How to fix |
---|---|---|
MongoDB MongoDB | >=3.6.0 <3.6.21 | |
MongoDB MongoDB | >=4.0.0 <4.0.20 | |
The vulnerability ID of this issue is CVE-2020-7929.
The severity of CVE-2020-7929 is medium (6.5).
The fix for this vulnerability is to update MongoDB Server to version 3.6.21 or 4.0.20.