CVE-2018-20805

MEDIUM

Mongodb < 3.6.10 - Denial of Service

Title source: rule

Description

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch . This issue affects MongoDB Server v4.0 versions prior to 4.0.5 and MongoDB Server v3.6 versions prior to 3.6.10.

References (1)

[Issue Tracking, Vendor Advisory] https://jira.mongodb.org/browse/SERVER-38164

Scores

CVSS v3 6.5

EPSS 0.0043

EPSS Percentile 62.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-834

Status published

Products (1)

mongodb/mongodb 3.6.0 - 3.6.10

Published Nov 23, 2020

Tracked Since Feb 18, 2026