CVE-2018-20804

MEDIUM

MongoDB 3.6.0-3.6.12 - Authenticated Denial of Service via applyOps Invocation

Title source: llm

Description

A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and MongoDB Server v3.6 versions prior to 3.6.13.

References (1)

Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://jira.mongodb.org/browse/SERVER-35636

Scores

CVSS v3: 6.5
EPSS: 0.0123
EPSS Percentile: 65.4%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE: CWE-20
Status: published
Products (1): mongodb/mongodb 3.6.0 - 3.6.13
Published: Nov 23, 2020
Tracked Since: Feb 18, 2026