Vulnerabilities > CVE-2019-20923 - Unspecified vulnerability in Mongodb

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

mongodb

NVD

Published: 2020-11-23

Updated: 2024-01-23

Summary

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7.

Vulnerable Configurations

Part	Description	Count
Application	Mongodb Mongodb Mongodb 4.0.0 Mongodb Mongodb 4.0.1 Mongodb Mongodb 4.0.2 Mongodb Mongodb 4.0.3 Mongodb Mongodb 4.0.4 Mongodb Mongodb 4.0.5 Mongodb Mongodb 4.0.6	7

References

https://jira.mongodb.org/browse/SERVER-39481