CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
47.8%
Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9.
Vendor | Product | Version | CPE |
---|---|---|---|
mongodb | mongodb | * | cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:* |
mongodb | mongodb | 4.4.0 | cpe:2.3:a:mongodb:mongodb:4.4.0:rc1:*:*:*:*:*:* |
mongodb | mongodb | 4.4.0 | cpe:2.3:a:mongodb:mongodb:4.4.0:rc10:*:*:*:*:*:* |
mongodb | mongodb | 4.4.0 | cpe:2.3:a:mongodb:mongodb:4.4.0:rc11:*:*:*:*:*:* |
mongodb | mongodb | 4.4.0 | cpe:2.3:a:mongodb:mongodb:4.4.0:rc2:*:*:*:*:*:* |
mongodb | mongodb | 4.4.0 | cpe:2.3:a:mongodb:mongodb:4.4.0:rc3:*:*:*:*:*:* |
mongodb | mongodb | 4.4.0 | cpe:2.3:a:mongodb:mongodb:4.4.0:rc4:*:*:*:*:*:* |
mongodb | mongodb | 4.4.0 | cpe:2.3:a:mongodb:mongodb:4.4.0:rc5:*:*:*:*:*:* |
mongodb | mongodb | 4.4.0 | cpe:2.3:a:mongodb:mongodb:4.4.0:rc6:*:*:*:*:*:* |
mongodb | mongodb | 4.4.0 | cpe:2.3:a:mongodb:mongodb:4.4.0:rc7:*:*:*:*:*:* |
[
{
"defaultStatus": "unaffected",
"product": "MongoDB Server",
"vendor": "MongoDB Inc.",
"versions": [
{
"lessThan": "4.2.9",
"status": "affected",
"version": "4.2",
"versionType": "custom"
},
{
"lessThan": "4.4.0-rc12",
"status": "affected",
"version": "4.4",
"versionType": "custom"
}
]
}
]
More
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
47.8%