[SERVER-35636] Renaming collection for applyOps needs to check completeness of target namespace - MongoDB

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.6.13, 4.1.9, 4.0.10
Component/s: Replication
Labels:
- former-quick-wins

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v4.0, v3.6, v3.4
Sprint:
Repl 2019-02-25, Repl 2019-03-11
Linked BF Score:
49

Description

CVE-2018-20804

Title: Invariant failure in applyOps

Description:
A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.10; v3.6 versions prior to 3.6.13.

CVSS score:
This issue's CVSS:3.1 severity is scored at 6.5 using the following scoring metrics:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected versions:
MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.10; v3.6 versions prior to 3.6.13.

CWE: CWE-20: Improper Input Validation

Attachments

Activity

People

Assignee:: Pavithra Vetriselvan

Reporter:: Vesselina Ratcheva

Participants:: Githook User, Pavithra Vetriselvan, Vesselina Ratcheva

Votes:: 0 Vote for this issue

Watchers:: 10 Start watching this issue

Dates

Created:: Jun 16 2018 12:57:18 AM UTC

Updated:: Nov 23 2020 06:26:11 PM UTC

Resolved:: Mar 04 2019 07:10:58 PM UTC