Back to search
CVE-2013-1892
Published: Oct 1, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2013:1170
vendor-advisory
x_refsource_REDHAT
24947
exploit
x_refsource_EXPLOIT-DB
[oss-security] 20130325 Re: CVE Request: Mongo DB
mailing-list
x_refsource_MLIST
FEDORA-2013-4539
vendor-advisory
x_refsource_FEDORA
http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/
x_refsource_MISC
24935
exploit
x_refsource_EXPLOIT-DB
https://jira.mongodb.org/browse/SERVER-9124
x_refsource_CONFIRM
http://www.mongodb.org/about/alerts/
x_refsource_CONFIRM
FEDORA-2013-4531
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now