Description

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 versions prior to 3.6.9 and MongoDB Server v4.0 versions prior to 4.0.3.

Remediation

References

CVE-2018-20802

Related Vulnerabilities

Oracle JRE CVE-2024-20952 Vulnerability (CVE-2024-20952)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4293)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33332)

PHP Resource Management Errors Vulnerability (CVE-2011-1657)

WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (5.0.05)

Severity

Medium

Classification

CVE-2018-20802 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities