Description

A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and MongoDB Server v3.6 versions prior to 3.6.13.

Remediation

References

CVE-2018-20804

Related Vulnerabilities

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4196)

WordPress Plugin Powerhouse Museum Collection Image Grid 'tbpv_username' Parameter Cross-Site Scripting (0.9.1.1)

WordPress Plugin Gwolle Guestbook Cross-Site Scripting (2.5.3)

MySQL CVE-2021-35597 Vulnerability (CVE-2021-35597)

WordPress Plugin Widget Logic Cross-Site Request Forgery (5.9.0)

Severity

Medium

Classification

CVE-2018-20804 CWE-20 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities