Home
HIGH: 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:NMEDIUM: 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HDefault status
unaffected
8.3.0 (semver) before 8.3.3
affected
8.2.0 (semver) before 8.2.10
affected
8.0.0 (semver) before 8.0.24
affected
7.0.0 (semver) before 7.0.35
affected
Description
An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain execution paths.
Problem types
Product status
8.3.0 (semver) before 8.3.3
8.2.0 (semver) before 8.2.10
8.0.0 (semver) before 8.0.24
7.0.0 (semver) before 7.0.35
References
jira.mongodb.org/browse/SERVER-123633