Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Confidence Status:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

CVE ID:

TBD

Title:
MongoDB Server may crash due to improper validation of explain command

Description:

When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to 7.0.16 and MongoDB Server v8.0 prior to 8.0.4

CVSS Score:
6.5 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

List all affected product versions:

MongoDB Server v5.0 prior to 5.0.31

MongoDB Server v6.0 prior to 6.0.20

MongoDB Server v7.0 prior to 7.0.16

MongoDB Server v8.0 prior to 8.0.4

CWE:

CWE-703: Improper Check or Handling of Exceptional Conditions

Assignee:: Karman Liu

Reporter:: Karman Liu

Participants:: Karman Liu

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: Apr 01 2025 09:10:32 AM UTC

Updated:: Apr 01 2025 11:14:10 AM UTC

Resolved:: Apr 01 2025 09:11:02 AM UTC

GA Target Date:: None

Public Preview Target Date:: None

Private Preview Target Date:: None

Experiment Target Date:: None

Details

Description

Attachments

Activity

People

Dates