4.2.1

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

mongodb

CWE-754

NVD

Published: 2020-11-23

Updated: 2024-01-23

Summary

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects MongoDB Server v4.2 versions prior to 4.2.2.

Vulnerable Configurations

Part	Description	Count
Application	Mongodb Mongodb Mongodb 4.2.0 Mongodb Mongodb 4.2.1	2

Common Weakness Enumeration (CWE)

CWE-754 - Improper Check for Unusual or Exceptional Conditions

References

https://jira.mongodb.org/browse/SERVER-44377