vulnerability

MongoDB: Improper Input Validation (CVE-2020-7925)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	Nov 23, 2020	Dec 4, 2020	Sep 18, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

Nov 23, 2020

Added

Dec 4, 2020

Modified

Sep 18, 2024

Description

Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9.

Solutions

mongodb-upgrade-4_2_9mongodb-upgrade-4_4_0-rc12

References

CVE-2020-7925
https://attackerkb.com/topics/CVE-2020-7925
URL-https://jira.mongodb.org/browse/SERVER-49142

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today