CVE-2020-7926
Specific query can cause a DoS against MongoDB Server
CVSS 3.1: 6.5 (MEDIUM)
EPSS: 0.44%
Description
A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects MongoDB Server v4.4 versions prior to 4.4.1. Versions before 4.4 are not affected.
How to fix CVE-2020-7926
To remediate CVE-2020-7926, upgrade the affected package to a fixed version below.
- Upgrade to 4.4.1 or later
Is CVE-2020-7926 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 4.4.0, < 4.4.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |