CVE-2020-7929 — Incorrect Regular Expression in INC Mongodb Server

CWE-185 — Incorrect Regular Expression CWE-20 — Improper Input Validation5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 36.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mongodb INC Mongodb Server Mongodb

Timeline

PublishedMar 1

Latest updateMay 24

Description

A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5mongodb_inc/mongodb_server3.6 — 3.6.21+1

▶NVDmongodb/mongodb3.6.0 — 3.6.21+1

Patches

Patch: jira.mongodb.org ↗Patch: jira.mongodb.org ↗

🔴Vulnerability Details

GHSA

GHSA-4jpm-qv63-23qh: A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex↗2022-05-24

▶

OSV

CVE-2020-7929: A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex↗2021-03-01

▶

CVEList

Specially crafted regex query can cause DoS↗2021-03-01

▶

📋Vendor Advisories

Red Hat

mongodb: Denial of service through specially crafted regex↗2021-03-01

▶