CVE-2020-7923

MEDIUM

MongoDB <4.4.0-rc7, <4.2.8, <4.0.19 - DoS

Title source: llm

Description

A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 versions prior to 4.2.8 and MongoDB Server v4.0 versions prior to 4.0.19.

References (1)

[Issue Tracking, Patch, Vendor Advisory] https://jira.mongodb.org/browse/SERVER-47773

Scores

CVSS v3 6.5

EPSS 0.0044

EPSS Percentile 62.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-755

Status published

Affected Products (1)

mongodb/mongodb < 4.0.19

Timeline

Published Aug 21, 2020

Tracked Since Feb 18, 2026