CVE-2020-7929
- Source
- https://cve.org/CVERecord?id=CVE-2020-7929
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7929.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-7929
- Aliases
- Downstream
- Published
- 2021-03-01T16:15:12.747Z
- Modified
- 2026-03-13T00:44:37.365947Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20.
- References
Affected packages
Git / github.com/mongodb/mongo
Affected versions
r3.*
r3.6.0
r3.6.1
r3.6.1-rc0
r3.6.1-rc1
r3.6.10
r3.6.10-rc0
r3.6.10-rc1
r3.6.11
r3.6.11-rc0
r3.6.11-rc1
r3.6.11-rc2
r3.6.12
r3.6.12-rc0
r3.6.12-rc1
r3.6.13
r3.6.13-rc0
r3.6.13-rc1
r3.6.14
r3.6.14-rc0
r3.6.15
r3.6.15-rc0
r3.6.15-rc1
r3.6.16
r3.6.16-rc0
r3.6.17
r3.6.17-rc0
r3.6.18
r3.6.18-rc0
r3.6.19
r3.6.19-rc0
r3.6.2
r3.6.2-rc0
r3.6.20
r3.6.20-rc0
r3.6.20-rc1
r3.6.20-rc2
r3.6.21-rc0
r3.6.21-rc1
r3.6.21-rc2
r3.6.3
r3.6.3-rc0
r3.6.3-rc1
r3.6.4
r3.6.4-rc0
r3.6.5
r3.6.5-rc0
r3.6.6
r3.6.6-rc0
r3.6.7
r3.6.7-rc0
r3.6.7-rc1
r3.6.8
r3.6.8-rc0
r3.6.8-rc1
r3.6.9
r3.6.9-rc0
r4.*
r4.0.0
r4.0.1
r4.0.1-rc0
r4.0.1-rc1
r4.0.10
r4.0.10-rc0
r4.0.10-rc1
r4.0.11
r4.0.11-rc0
r4.0.12
r4.0.12-rc0
r4.0.12-rc1
r4.0.12-rc2
r4.0.13
r4.0.13-rc0
r4.0.14
r4.0.14-rc0
r4.0.14-rc1
r4.0.15
r4.0.15-rc0
r4.0.16
r4.0.16-rc0
r4.0.17
r4.0.17-rc0
r4.0.18
r4.0.18-rc0
r4.0.19
r4.0.19-rc0
r4.0.2
r4.0.2-rc0
r4.0.3
r4.0.3-rc0
r4.0.4
r4.0.4-rc0
r4.0.4-rc1
r4.0.4-rc2
r4.0.5
r4.0.5-rc0
r4.0.5-rc1
r4.0.6
r4.0.6-rc0
r4.0.6-rc1
r4.0.7
r4.0.7-rc0
r4.0.7-rc1
r4.0.8
r4.0.8-rc0
r4.0.9
r4.0.9-rc0