CVE-2019-20923

MEDIUM

MongoDB 4.0.0-4.0.6 - Denial of Service via Unhandled JavaScript Exception

Title source: llm

Description

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled JavaScript exceptions containing types intended to be scoped to the JavaScript engine's internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7.

References (1)

Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://jira.mongodb.org/browse/SERVER-39481

Scores

CVSS v3 6.5
EPSS 0.0125
EPSS Percentile 65.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-749
Status published
Products (1)
mongodb/mongodb 4.0.0 - 4.0.7
Published Nov 23, 2020
Tracked Since Feb 18, 2026