Description
A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11.
Remediation
References
Related Vulnerabilities
Oracle HTTP Server Other Vulnerability (CVE-2006-5348)
MediaWiki Improper Access Control Vulnerability (CVE-2015-8008)
Atlassian Confluence CVE-2023-22505 Vulnerability (CVE-2023-22505)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20099)
WordPress Plugin Check & Log Email Cross-Site Scripting (0.5.1)