{"vulnerability": "cve-2019-2092", "sightings": [{"uuid": "ac45ae08-df99-4308-9214-090b49694f55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20925", "type": "seen", "source": "https://t.me/cibsecurity/16767", "content": "\u203c CVE-2019-20925 \u203c\n\nAn unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15; v3.4 versions prior to 3.4.24.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-24T14:46:37.000000Z"}, {"uuid": "5c4e74f3-10b7-48ed-9a70-5f548be8ef81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20923", "type": "seen", "source": "https://t.me/cibsecurity/16702", "content": "\u203c CVE-2019-20923 \u203c\n\nA user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.7.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-23T18:45:54.000000Z"}, {"uuid": "5dc8cf81-a7b9-492c-a4c7-684ea97b8e55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20921", "type": "seen", "source": "https://t.me/cibsecurity/14962", "content": "\u203c CVE-2019-20921 \u203c\n\nbootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-09-30T22:52:14.000000Z"}, {"uuid": "b56ea835-937e-4110-9e53-5a1f671c54c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20924", "type": "seen", "source": "https://t.me/cibsecurity/16705", "content": "\u203c CVE-2019-20924 \u203c\n\nA user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-23T18:45:57.000000Z"}]}