<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 05:15:11 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-47773] geoNear invariant on mongos</title>
                <link>https://jira.mongodb.org/browse/SERVER-47773</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;div class=&quot;panel&quot; style=&quot;background-color: #eeeeee;border-color: #cccccc;border-width: 1px;&quot;&gt;&lt;div class=&quot;panelHeader&quot; style=&quot;border-bottom-width: 1px;border-bottom-color: #cccccc;background-color: #6cb33f;&quot;&gt;&lt;b&gt;CVE-2020-7923&lt;/b&gt;&lt;/div&gt;&lt;div class=&quot;panelContent&quot; style=&quot;background-color: #eeeeee;&quot;&gt;
&lt;p&gt;&lt;b&gt;Affected versions:&lt;/b&gt;&lt;br/&gt;
 This issue affects - MongoDB Inc. MongoDB Server:&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Title:&lt;/b&gt;&lt;br/&gt;
 Specific GeoQuery can cause DoS against MongoDB Server&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Description:&lt;/b&gt;&lt;br/&gt;
 A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem&apos;s support for geoNear. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc7; v4.2 versions prior to 4.2.8; v4.0 versions prior to 4.0.19.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;CVSS score:&lt;/b&gt;&lt;br/&gt;
 6.5 using the following scoring metrics:&lt;br/&gt;
 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H&lt;/p&gt;

&lt;p&gt;&lt;b&gt;CWE:&lt;/b&gt;&lt;br/&gt;
 &apos;CWE-755: Improper Handling of Exceptional Conditions&apos;.&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;v4.4 versions prior to 4.4.0-rc7;&lt;/li&gt;
	&lt;li&gt;v4.2 versions prior to 4.2.8;&lt;/li&gt;
	&lt;li&gt;v4.0 versions prior to 4.0.19.&lt;/li&gt;
&lt;/ul&gt;
&lt;/div&gt;&lt;/div&gt;</description>
                <environment></environment>
        <key id="1328589">SERVER-47773</key>
            <summary>geoNear invariant on mongos</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="andrew.paroski@mongodb.com">Drew Paroski</assignee>
                                    <reporter username="ian.boros@mongodb.com">Ian Boros</reporter>
                        <labels>
                            <label>qexec-team</label>
                    </labels>
                <created>Fri, 24 Apr 2020 21:40:26 +0000</created>
                <updated>Sun, 29 Oct 2023 22:09:03 +0000</updated>
                            <resolved>Fri, 1 May 2020 16:30:34 +0000</resolved>
                                    <version>4.2.6</version>
                    <version>4.0.18</version>
                    <version>4.4.0-rc2</version>
                                    <fixVersion>4.0.19</fixVersion>
                    <fixVersion>4.2.8</fixVersion>
                    <fixVersion>4.4.0-rc7</fixVersion>
                    <fixVersion>4.7.0</fixVersion>
                                    <component>Querying</component>
                                        <votes>0</votes>
                                    <watches>5</watches>
                                                                                                                <comments>
                            <comment id="3179747" author="xgen-internal-githook" created="Tue, 2 Jun 2020 14:45:11 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Drew Paroski&apos;, &apos;email&apos;: &apos;drew.paroski@mongodb.com&apos;, &apos;username&apos;: &apos;paroski&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-47773&quot; title=&quot;geoNear invariant on mongos&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-47773&quot;&gt;&lt;del&gt;SERVER-47773&lt;/del&gt;&lt;/a&gt; Error consistently when tailable cursors and $near are used together&lt;/p&gt;

&lt;p&gt;(cherry picked from commit c8ced6df8f620daaa2e539f192f2eef356c63e9c)&lt;br/&gt;
(cherry picked from commit e9c31e791b2e056c016c048d7e21c59e0e2452ea)&lt;br/&gt;
(cherry picked from commit 444dab325b5351ddd566da1d5365ec8728a06634)&lt;br/&gt;
Branch: v4.0&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/7e28f4296a04d858a2e3dd84a1e79c9ba59a9568&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/7e28f4296a04d858a2e3dd84a1e79c9ba59a9568&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3132882" author="xgen-internal-githook" created="Wed, 27 May 2020 21:49:49 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Drew Paroski&apos;, &apos;email&apos;: &apos;drew.paroski@mongodb.com&apos;, &apos;username&apos;: &apos;paroski&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-47773&quot; title=&quot;geoNear invariant on mongos&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-47773&quot;&gt;&lt;del&gt;SERVER-47773&lt;/del&gt;&lt;/a&gt; Error consistently when tailable cursors and $near are used together&lt;/p&gt;

&lt;p&gt;(cherry picked from commit c8ced6df8f620daaa2e539f192f2eef356c63e9c)&lt;br/&gt;
(cherry picked from commit e9c31e791b2e056c016c048d7e21c59e0e2452ea)&lt;br/&gt;
Branch: v4.2&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/444dab325b5351ddd566da1d5365ec8728a06634&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/444dab325b5351ddd566da1d5365ec8728a06634&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3095017" author="xgen-internal-githook" created="Tue, 19 May 2020 14:40:25 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Drew Paroski&apos;, &apos;email&apos;: &apos;drew.paroski@mongodb.com&apos;, &apos;username&apos;: &apos;paroski&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-47773&quot; title=&quot;geoNear invariant on mongos&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-47773&quot;&gt;&lt;del&gt;SERVER-47773&lt;/del&gt;&lt;/a&gt; Error consistently when tailable cursors and $near are used together&lt;/p&gt;

&lt;p&gt;(cherry picked from commit c8ced6df8f620daaa2e539f192f2eef356c63e9c)&lt;br/&gt;
Branch: v4.4&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/e9c31e791b2e056c016c048d7e21c59e0e2452ea&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/e9c31e791b2e056c016c048d7e21c59e0e2452ea&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3063763" author="xgen-internal-githook" created="Thu, 30 Apr 2020 23:44:21 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Drew Paroski&apos;, &apos;email&apos;: &apos;drew.paroski@mongodb.com&apos;, &apos;username&apos;: &apos;paroski&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-47773&quot; title=&quot;geoNear invariant on mongos&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-47773&quot;&gt;&lt;del&gt;SERVER-47773&lt;/del&gt;&lt;/a&gt; Error consistently when tailable cursors and $near are used together&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/c8ced6df8f620daaa2e539f192f2eef356c63e9c&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/c8ced6df8f620daaa2e539f192f2eef356c63e9c&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10420">
                    <name>Backports</name>
                                            <outwardlinks description="backported by">
                                                        </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                                        </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                                        </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>4.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_12450" key="com.atlassian.jira.plugin.system.customfieldtypes:multicheckboxes">
                        <customfieldname>Backport Requested</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="18953"><![CDATA[v4.4]]></customfieldvalue>
    <customfieldvalue key="16775"><![CDATA[v4.2]]></customfieldvalue>
    <customfieldvalue key="15640"><![CDATA[v4.0]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_13552" key="com.go2group.jira.plugin.crm:crm_generic_field">
                        <customfieldname>Case</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[[5002K00000pmmgQQAQ, 5002K00000pmnKZQAY]]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 27 Apr 2020 15:15:16 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        3 years, 36 weeks, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_17052" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Downstream Changes Summary</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>See comments in this JIRA ticket for details</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_17050" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Downstream Team Attention</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="16942"><![CDATA[Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            3 years, 36 weeks, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_16465" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Linked BF Score</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>8.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>andrew.paroski@mongodb.com</customfieldvalue>
            <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>ian.boros@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hxhlvr:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hr5hvb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="3499">Query 2020-05-04</customfieldvalue>
    <customfieldvalue id="3500">Query 2020-05-18</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                <customfield id="customfield_17051" key="com.atlassian.jira.plugin.system.customfieldtypes:multicheckboxes">
                        <customfieldname>Teams Impacted</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="16946"><![CDATA[Triage and Release]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hxh853:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>