Description
A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11.
Remediation
References
Related Vulnerabilities
XWiki Inadequate Encryption Strength Vulnerability (CVE-2022-29161)
WordPress Plugin Product Catalog Multiple Vulnerabilities (4.2.11)
WordPress Plugin SoundPress Cross-Site Scripting (2.2.6)
Plone CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-33926)
WordPress Plugin Coming soon and Maintenance mode Unspecified Vulnerability (3.5.4)