CVE ID: CVE-2020-7929
Title: Specially crafted regex query can cause DoS
Description: A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects: MongoDB Inc.
MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20;
CVSS score: 6.5 (https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H&version=3.1)
Affected products and versions:
MongoDB Server v3.6 versions prior to 3.6.21
MongoDB Server v4.0 versions prior to 4.0.20
CWE ID: CWE-185: Incorrect Regular Expression
- is related to
-
SERVER-12204 Buffer::readUTF8String in bson_validate.cpp should validate utf8
- Closed
-
SERVER-39697 Regex MatchExpression should error at parse time if the regex is not valid
- Closed