-
Type:
Bug
-
Status: Closed
-
Priority:
Major - P3
-
Resolution: Fixed
-
Affects Version/s: None
-
Component/s: Replication
-
Labels:
-
Backwards Compatibility:Fully Compatible
-
Operating System:ALL
-
Backport Requested:v4.0, v3.6, v3.4
-
Sprint:Repl 2019-02-25, Repl 2019-03-11
-
Linked BF Score:49
CVE-2018-20804
Title: Invariant failure in applyOps
Description:
A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.10; v3.6 versions prior to 3.6.13.
CVSS score:
This issue's CVSS:3.1 severity is scored at 6.5 using the following scoring metrics:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected versions:
MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.10; v3.6 versions prior to 3.6.13.
CWE: CWE-20: Improper Input Validation