CVE-2019-20923

MEDIUM

MongoDB Server <4.0.7 - DoS

Description

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled JavaScript exceptions containing types intended to be scoped to the JavaScript engine's internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7.

Scores

CVSS v3 6.5
EPSS 0.0043
EPSS Percentile 62.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-749
Status published
Products (1)
mongodb/mongodb 4.0.0 - 4.0.7
Published Nov 23, 2020
Tracked Since Feb 18, 2026