MongoDB 3.4.x < 3.4.10 / 3.5.x < 3.6.0-rc0 mongod
Medium Nessus Plugin ID 122363
Synopsis
The remote database server is affected by a vulnerability that may result in a denial of service or in the compromise of the server memory integrity.
Description
The version of the remote MongoDB server is 3.4.x prior to 3.4.10 / 3.5.x prior to 3.6.0-rc0. It is, therefore, affected by a denial of service vulnerability in mongod networkMessageCompressors due to an implementation error. A remote, unauthenticated attacker can exploit this to cause a denial of service or to modify server memory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to MongoDB version 3.4.10 / 3.6.0-rc0 or later.