A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20. References: https://jira.mongodb.org/browse/SERVER-51083
Upstream patches: https://github.com/mongodb/mongo/commit/64095239f41e9f3841d8be9088347db56d35c891 [v4.0] https://github.com/mongodb/mongo/commit/b0ef26c639112b50648a02d969298650fbd402a4 [v3.6] https://github.com/mongodb/mongo/commit/51caad0e005e1a6dc1bd529cb809ba0d7d5eef0d [v3.6]
External References: https://jira.mongodb.org/browse/SERVER-51083