Description

A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 versions prior to 4.2.8 and MongoDB Server v4.0 versions prior to 4.0.19.

Remediation

References

CVE-2020-7923

Related Vulnerabilities

WordPress Plugin Page Builder by SiteOrigin Cross-Site Request Forgery (2.10.15)

Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-41307)

WordPress Plugin Shortcode Redirect 'domain' Parameter Cross-Site Scripting (1.0.01)

WordPress Plugin Team Members Cross-Site Scripting (5.0.3)

WebLogic CVE-2017-10336 Vulnerability (CVE-2017-10336)

Severity

Medium

Classification

CVE-2020-7923 CWE-755 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities