Description

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects MongoDB Server v4.2 versions prior to 4.2.2.

Remediation

References

CVE-2019-20924

Related Vulnerabilities

WordPress Plugin WP Elegant Testimonial Cross-Site Scripting (1.1.6)

phpMyAdmin 7PK - Security Features Vulnerability (CVE-2016-5702)

MySQL CVE-2024-21129 Vulnerability (CVE-2024-21129)

MyBB URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10678)

Ruby on Rails Improper Input Validation Vulnerability (CVE-2019-5420)

Severity

Medium

Classification

CVE-2019-20924 CWE-754 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities