cvelist/2019/20xxx/CVE-2019-20924.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2019-20924",
        "ASSIGNER": "cna@mongodb.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects MongoDB Server v4.2 versions prior to 4.2.2.\n\n"
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-394 Unexpected Status Code or Return Value",
                        "cweId": "CWE-394"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "MongoDB Inc.",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "MongoDB Server",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "4.2",
                                            "version_value": "4.2.2"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://jira.mongodb.org/browse/SERVER-44377",
                "refsource": "MISC",
                "name": "https://jira.mongodb.org/browse/SERVER-44377"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "source": {
        "discovery": "INTERNAL"
    },
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
            }
        ]
    }
}
"-Synchronized-Data." 2020-10-06 17:01:49 +00:00			`{`
"-Synchronized-Data." 2024-01-23 16:00:33 +00:00			`"data_version": "4.0",`
			`"data_type": "CVE",`
			`"data_format": "MITRE",`
"-Synchronized-Data." 2020-10-06 17:01:49 +00:00			`"CVE_data_meta": {`
			`"ID": "CVE-2019-20924",`
"-Synchronized-Data." 2024-01-23 16:00:33 +00:00			`"ASSIGNER": "cna@mongodb.com",`
			`"STATE": "PUBLIC"`
			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
			`"value": "A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects MongoDB Server v4.2 versions prior to 4.2.2.\n\n"`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-394 Unexpected Status Code or Return Value",`
			`"cweId": "CWE-394"`
			`}`
			`]`
			`}`
			`]`
"-Synchronized-Data." 2020-10-06 17:01:49 +00:00			`},`
Added CVE-2019-20924 2020-11-23 16:27:08 +01:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
"-Synchronized-Data." 2024-01-23 16:00:33 +00:00			`"vendor_name": "MongoDB Inc.",`
Added CVE-2019-20924 2020-11-23 16:27:08 +01:00			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "MongoDB Server",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<",`
			`"version_name": "4.2",`
			`"version_value": "4.2.2"`
			`}`
			`]`
			`}`
			`}`
			`]`
"-Synchronized-Data." 2024-01-23 16:00:33 +00:00			`}`
Added CVE-2019-20924 2020-11-23 16:27:08 +01:00			`}`
			`]`
			`}`
			`},`
"-Synchronized-Data." 2024-01-23 16:00:33 +00:00			`"references": {`
			`"reference_data": [`
"-Synchronized-Data." 2020-10-06 17:01:49 +00:00			`{`
"-Synchronized-Data." 2024-01-23 16:00:33 +00:00			`"url": "https://jira.mongodb.org/browse/SERVER-44377",`
			`"refsource": "MISC",`
			`"name": "https://jira.mongodb.org/browse/SERVER-44377"`
Added CVE-2019-20924 2020-11-23 16:27:08 +01:00			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
"-Synchronized-Data." 2024-01-23 16:00:33 +00:00			`"source": {`
			`"discovery": "INTERNAL"`
Added CVE-2019-20924 2020-11-23 16:27:08 +01:00			`},`
"-Synchronized-Data." 2024-01-23 16:00:33 +00:00			`"impact": {`
			`"cvss": [`
Added CVE-2019-20924 2020-11-23 16:27:08 +01:00			`{`
"-Synchronized-Data." 2024-01-23 16:00:33 +00:00			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 6.5,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "NONE",`
			`"privilegesRequired": "LOW",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",`
			`"version": "3.1"`
Added CVE-2019-20924 2020-11-23 16:27:08 +01:00			`}`
			`]`
"-Synchronized-Data." 2020-10-06 17:01:49 +00:00			`}`
			`}`