Description

A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 versions prior to 4.2.8 and MongoDB Server v4.0 versions prior to 4.0.19.

Remediation

References

CVE-2020-7923

Related Vulnerabilities

Oracle Application Server CVE-2006-3707 Vulnerability (CVE-2006-3707)

Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7864)

WordPress Plugin Import and export users and customers Multiple Vulnerabilities (1.9.4.6)

WordPress Plugin Contest Gallery-Photo Contest for WordPress Cross-Site Scripting (13.1.0.9)

Oracle JRE CVE-2024-21138 Vulnerability (CVE-2024-21138)

Severity

Medium

Classification

CVE-2020-7923 CWE-755 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities