The host is installed with MongoDB 3.6 before 3.6.20, 4.4 before 4.4.1, 4.2 before 4.2.9 or 4.0 before 4.0.20 and is prone to an improper neutralization of null byte vulnerability. A flaw is present in the application which fails to handle specially crafted queries. Successful exploitation can allow access to arbitrary memory.