{"id":"CVE-2019-20923","details":"A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7.","modified":"2026-04-11T09:39:57.341700Z","published":"2020-11-23T16:15:12.807Z","references":[{"type":"REPORT","url":"https://jira.mongodb.org/browse/SERVER-39481"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mongodb/mongo","events":[{"introduced":"3b07af3d4f471ae89e8186d33bbb1d5259597d51"},{"fixed":"1b82c812a9c0bbf6dc79d5400de9ea99e6ffa025"}],"database_specific":{"versions":[{"introduced":"4.0.0"},{"fixed":"4.0.7"}]}}],"versions":["r4.0.0","r4.0.1","r4.0.1-rc0","r4.0.1-rc1","r4.0.2","r4.0.2-rc0","r4.0.3","r4.0.3-rc0","r4.0.4","r4.0.4-rc0","r4.0.4-rc1","r4.0.4-rc2","r4.0.5","r4.0.5-rc0","r4.0.5-rc1","r4.0.6","r4.0.6-rc0","r4.0.6-rc1","r4.0.7-rc0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20923.json","vanir_signatures":[{"signature_type":"Line","id":"CVE-2019-20923-4f349fd3","digest":{"line_hashes":["251686210180438972089602998276029502252","157902003668982517560202580081597505476","175627665517082254089072815120043500838","141140658618718221226993096662069086811","238093099207536527430445365199467622497","30281290875843906756852904790377619730","212578280189416373673624289153875234966","202429825949363366364327328796658174825","93105796035726403366956096372250437661","86443187433423783988852661374168496787","141695439785325867580178878640079511891","56441650779178889257787922567751553352","195678559981992731061079986030033805606","239641938715907585397000839412332682169","2191215861682051368416992699643706310","321253103778411554170861412627873380186","260965526147676633424058707213844861177","204820426195279739162855804448086184704","204298861497051585594734066186433247935"],"threshold":0.9},"signature_version":"v1","target":{"file":"src/mongo/db/pipeline/document_source_check_resume_token.cpp"},"deprecated":false,"source":"https://github.com/mongodb/mongo/commit/1b82c812a9c0bbf6dc79d5400de9ea99e6ffa025"},{"signature_type":"Function","id":"CVE-2019-20923-d68597b1","digest":{"length":1575,"function_hash":"55071997004148880126498516853248914450"},"signature_version":"v1","target":{"file":"src/mongo/db/pipeline/document_source_check_resume_token.cpp","function":"compareAgainstClientResumeToken"},"deprecated":false,"source":"https://github.com/mongodb/mongo/commit/1b82c812a9c0bbf6dc79d5400de9ea99e6ffa025"}],"vanir_signatures_modified":"2026-04-11T09:39:57Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}