The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB object.
Max CVSS
6.5
EPSS Score
2.54%
Published
2013-10-01
Updated
2013-10-02
CVE-2013-1892
Public exploit
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.
Max CVSS
6.0
EPSS Score
65.70%
Published
2013-10-01
Updated
2023-02-13
2 vulnerabilities found