Invariant failure in applyOps
CVE-2018-20804

6.5MEDIUM

Key Information:

Vendor: MongoDB
Status: Mongodb Server
Vendor: CVE Published:; 23 November 2020

Summary

A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and MongoDB Server v3.6 versions prior to 3.6.13.

Affected Version(s)

MongoDB Server 3.6 < 3.6.13

MongoDB Server 4.0 < 4.0.10

References

https://jira.mongodb.org/browse/SERVER-35636

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 23, 2020
Vulnerability Reserved
Mar 15, 2019