CVE-2020-7926

MEDIUM6.5EPSS 0.44%

Specific query can cause a DoS against MongoDB Server

Published: 3/6/2024Modified: 5/20/2025

Description

A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects MongoDB Server v4.4 versions prior to 4.4.1. Versions before 4.4 are not affected.

Affected packages (1)

Bitnami/mongodb>= 4.4.0, < 4.4.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References (2)

WEBhttps://jira.mongodb.org/browse/SERVER-50170
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2020-7926