Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 3.6.13, 4.1.9, 4.0.10
Affects Version/s: None
Component/s: Replication
Labels:
- former-quick-wins

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v4.0, v3.6, v3.4
Sprint:
Repl 2019-02-25, Repl 2019-03-11
Linked BF Score:
49
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

CVE-2018-20804

Title: Invariant failure in applyOps

Description:
A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.10; v3.6 versions prior to 3.6.13.

CVSS score:
This issue's CVSS:3.1 severity is scored at 6.5 using the following scoring metrics:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected versions:
MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.10; v3.6 versions prior to 3.6.13.

CWE: CWE-20: Improper Input Validation

Assignee:: Pavithra Vetriselvan
Reporter:: Vesselina Ratcheva (Inactive)
Participants:: Githook User, Pavithra Vetriselvan, Vesselina Ratcheva
Votes:: 0 Vote for this issue
Watchers:: 10 Start watching this issue

Created:: Jun 16 2018 12:57:18 AM UTC
Updated:: Oct 29 2023 10:30:42 PM UTC
Resolved:: Mar 04 2019 07:10:58 PM UTC
Confidence Status Last Update:: 20/Feb/19 4:19 PM

Details

Description

Attachments

Activity

People

Dates