CVE-2018-20802

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 versions prior to 3.6.9 and MongoDB Server v4.0 versions prior to 4.0.3.
References
Link Resource
https://jira.mongodb.org/browse/SERVER-36993 Issue Tracking Vendor Advisory
https://jira.mongodb.org/browse/SERVER-36993 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:02

Type Values Removed Values Added
References () https://jira.mongodb.org/browse/SERVER-36993 - Issue Tracking, Vendor Advisory () https://jira.mongodb.org/browse/SERVER-36993 - Issue Tracking, Vendor Advisory

17 Sep 2024, 03:15

Type Values Removed Values Added
Summary (en) A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 versions prior to 3.6.9 and MongoDB Server v4.0 versions prior to 4.0.3. (en) A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 versions prior to 3.6.9 and MongoDB Server v4.0 versions prior to 4.0.3.

23 Jan 2024, 15:15

Type Values Removed Values Added
Summary A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions prior to 3.6.9, v4.0 versions prior to 4.0.3. A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 versions prior to 3.6.9 and MongoDB Server v4.0 versions prior to 4.0.3.

Information

Published : 2020-11-23 16:15

Updated : 2024-11-21 04:02


NVD link : CVE-2018-20802

Mitre link : CVE-2018-20802

CVE.ORG link : CVE-2018-20802


JSON object : View

Products Affected

mongodb

  • mongodb
CWE
CWE-394

Unexpected Status Code or Return Value

NVD-CWE-Other