Description
A user authorized to perform a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11.
Remediation
References