6

CVE-2013-1892

Exploit

MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.

Data is provided by the National Vulnerability Database (NVD)
MongodbMongodb Version <= 2.0.8
MongodbMongodb Version1.2.0
MongodbMongodb Version1.4.0
MongodbMongodb Version1.6.0
MongodbMongodb Version1.8.0
MongodbMongodb Version2.0.0
MongodbMongodb Version2.0.1
MongodbMongodb Version2.0.2
MongodbMongodb Version2.0.3
MongodbMongodb Version2.0.4
MongodbMongodb Version2.0.5
MongodbMongodb Version2.0.6
MongodbMongodb Version2.0.7
MongodbMongodb Version2.2.0
MongodbMongodb Version2.2.1
MongodbMongodb Version2.2.2
MongodbMongodb Version2.2.3
RedhatEnterprise Mrg Version2.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 52.33% 0.979
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.