CVE-2019-20923 MEDIUM

CVE-2019-20923: Crash while handling internal Javascript exception types

Vendor Mongodb Inc.

Product MongoDB Server

Weakness CWE-749

Published November 23, 2020

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

Description

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7.

Key dates

Disclosure timeline

November 23, 2020 CVE published

September 16, 2024 Record updated