VYPR

Bitnami package

mongodb

pkg:bitnami/mongodb

Vulnerabilities (85)

  • CVE-2020-7928MedNov 23, 2020
    affected >= 3.6.0, < 3.6.20fixed 3.6.20

    A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects MongoDB Server v4.4 versions prior to 4.4.1; MongoDB Server v4.2 versions prior to 4.2.9; MongoDB Server v4.0 versions pri

  • CVE-2020-7926MedNov 23, 2020
    affected >= 4.4.0, < 4.4.1fixed 4.4.1

    A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects MongoDB Server v4.4 versions prior to 4.4.1. Versions before 4.4 are not affected.

  • CVE-2020-7925HigNov 23, 2020
    affected >= 4.2.0, < 4.2.9fixed 4.2.9

    Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Se

  • CVE-2020-7923MedAug 21, 2020
    affected >= 4.0.0, < 4.0.19fixed 4.0.19

    A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 version

  • CVE-2020-7921MedMay 6, 2020
    affected >= 3.6.0, < 3.6.18fixed 3.6.18

    Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versio

Page 5 of 5