Description
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch . This issue affects MongoDB Server v4.0 versions prior to 4.0.5 and MongoDB Server v3.6 versions prior to 3.6.10.
Remediation
References
Related Vulnerabilities
MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-5687)
e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-15901)
Oracle Database Server CVE-2010-0071 Vulnerability (CVE-2010-0071)
MySQL Other Vulnerability (CVE-2010-3682)
WordPress Plugin Contextual Related Posts Cross-Site Request Forgery (2.9.3)