MongoDB 3.6 < 3.6.19, 4.0 < 4.0.20, 4.2 < 4.2.9 DoS Vulnerability - Linux
Information
Severity
Severity
High
Family
Family
Databases
CVSSv2 Base
CVSSv2 Base
7.8
CVSSv2 Vector
CVSSv2 Vector
AV:N/AC:L/Au:N/C:N/I:N/A:C
Solution Type
Solution Type
Vendor Patch
Created
Created
1 year ago
Modified
Modified
1 year ago
Summary
MongoDB is prone to a denial of service (DoS) vulnerability.
Insight
Insight
Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service.
Affected Software
Affected Software
MongoDB versions 3.6 prior to 3.6.19, 4.0 prior to 4.0.20 and 4.2 prior to 4.2.9.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Update to version 3.6.19, 4.0.20, 4.2.9 or later.
Common Vulnerabilities and Exposures (CVE)
References
Free Vulnerability Scanner
Mageni can help you to scan, assess and manage your vulnerabilities.