vulnerability

MongoDB: CVE-2020-7923: Improper Handling of Exceptional Conditions

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:N/A:P)

Published

Aug 21, 2020

Added

Aug 27, 2020

Modified

Apr 27, 2026

Description

A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 versions prior to 4.2.8 and MongoDB Server v4.0 versions prior to 4.0.19.

Solutions

mongodb-upgrade-latestmongodb-upgrade-4_0_19mongodb-upgrade-4_2_8mongodb-upgrade-4_4_0

References

CVE-2020-7923
https://attackerkb.com/topics/CVE-2020-7923
https://jira.mongodb.org/browse/SERVER-47773
https://euvd.enisa.europa.eu/vulnerability/EUVD-2020-28854
CWE-755
EUVD-EUVD-2020-28854

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report