- Type: Improvement
- Resolution: Won't Fix
- Priority: Minor - P4
- None
- Affects Version/s: None
- Component/s: Security
- None
- Query
In CmdExplain::checkAuthForOperation(), we recursively check auth on the contained command. An unauthorized user could then attempt to run an explain on nested explains in an attempt to force the server to consume more resources.
The severity of this is minor because we're mostly saved by the BSON depth limit enforced in SERVER-26703.
- is related to: SERVER-26703 Inserting deeply-nested documents should fail with error (Closed)
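The cost described in the ticket, as an added example that is not MongoDB's code: a simplified C++ model in which denying a nested explain costs one visit per nesting level, a depth cap bounds that cost, and a hypothetical guard makes it constant. `Command`, `kAssumedMaxDepth` (with its value) and all function names are assumptions of the example.

```cpp
#include <memory>
#include <string>
#include <utility>

// Simplified stand-in for a parsed command; not MongoDB's own types.
struct Command {
    std::string name;
    std::unique_ptr<Command> inner;  // set only when name == "explain"
};

constexpr int kAssumedMaxDepth = 100;  // stand-in for the BSON depth limit (assumed value)

// Builds explain(explain(...find...)); false models rejection by the depth cap.
bool makeNestedExplain(int levels, Command& out) {
    if (levels + 1 > kAssumedMaxDepth) return false;
    out = Command{"find", nullptr};
    for (int i = 0; i < levels; ++i)
        out = Command{"explain", std::make_unique<Command>(std::move(out))};
    return true;
}

// Recursive check as the ticket describes: authorizing an explain means
// authorizing the contained command, so a denial costs one visit per level.
bool checkAuthRecursive(const Command& cmd, bool callerAuthorized, int& visits) {
    ++visits;
    if (cmd.name == "explain" && cmd.inner)
        return checkAuthRecursive(*cmd.inner, callerAuthorized, visits);
    return callerAuthorized;
}

// Hypothetical hardening: refuse explain-of-explain before recursing.
bool checkAuthGuarded(const Command& cmd, bool callerAuthorized, int& visits) {
    if (cmd.name == "explain" && cmd.inner && cmd.inner->name == "explain") {
        ++visits;
        return false;
    }
    return checkAuthRecursive(cmd, callerAuthorized, visits);
}

// Visits spent denying an unauthorized caller; -1 if the depth cap rejects first.
int denialCost(int levels, bool guarded) {
    Command cmd;
    if (!makeNestedExplain(levels, cmd)) return -1;
    int visits = 0;
    (void)(guarded ? checkAuthGuarded(cmd, false, visits)
                   : checkAuthRecursive(cmd, false, visits));
    return visits;
}

int main() { return denialCost(50, false) == 51 && denialCost(50, true) == 1 ? 0 : 1; }
```

The depth cap is what keeps the unguarded cost bounded in this model: without it, `denialCost(levels, false)` grows linearly with whatever nesting the caller submits.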