Major - P3
MongoDB is susceptible to a denial of service (crash) due to failure to check for missing value.
When running with authentication, an attacker needs to be successfully authenticated into MongoDB and have write access to a database to be able to exploit this vulnerability.
Remote attackers may cause a denial of service (crash).
MongoDB 3.0.0 is affected by this issue.
The fix is included in the 3.0.1 production releases.
Improve validation of affected field.
This vulnerability was discovered by Xiaopeng Zhang of Fortinet's FortiGuard Labs.
CVE-2015-2705 has been designated for this issue. We rate this issue with a CVSS of 6.8
Users may reduce their exposure by limiting network access to the server. See the MongoDB Security documentation page for more information on recommended security practices for your MongoDB deployment.