Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MongoDb Other Vulnerability (CVE-2019-20923)

Description

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7.

Remediation

References

Related Vulnerabilities

WordPress Plugin WordPress Related Posts Cross-Site Scripting (3.6.4)

Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-8134)

Dolphin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3728)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2081)

WordPress Plugin RokNewsPager Multiple Vulnerabilities (1.17)

Severity

Medium

Classification

CVE-2019-20923 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities