MongoDB REST Interface Remote Code Execution Vulnerability

Summary
MongoDB is prone to a remote code execution vulnerability because it fails to properly sanitize user-supplied input.
Impact
An attacker can exploit this vulnerability to execute arbitrary code within the context of the affected application.
Solution
Update your software to the latest version or disable the REST interface.
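To check whether a host still has the interface switched on, the following added example (not part of the original advisory or of MongoDB's own tooling) audits a legacy INI-style MongoDB 2.x configuration file. It assumes the 2.x option names `rest`, `nohttpinterface` and `bind_ip`, which do not appear in the advisory; the function names and sample configurations are constructed for illustration.

```python
# Added example: audit a legacy (INI-style) MongoDB 2.x config for REST exposure.
# Assumption: option names rest / nohttpinterface / bind_ip (MongoDB 2.x),
# which are not taken from the advisory text.

TRUE_VALUES = {"true", "1", "yes", "on"}

def parse_legacy_conf(text):
    """Parse 'key = value' lines, ignoring blank lines and # comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings

def audit_rest_exposure(text):
    """Return a list of findings; an empty list means no REST exposure found."""
    s = parse_legacy_conf(text)
    findings = []
    rest_on = s.get("rest", "false").lower() in TRUE_VALUES
    if rest_on:
        findings.append("REST interface enabled: set rest = false or remove it")
    if s.get("nohttpinterface", "false").lower() not in TRUE_VALUES:
        findings.append("HTTP interface not explicitly disabled: "
                        "set nohttpinterface = true")
    addrs = [a.strip() for a in s.get("bind_ip", "").split(",") if a.strip()]
    if rest_on and (not addrs or "0.0.0.0" in addrs):
        findings.append("REST interface listens on all addresses: "
                        "restrict bind_ip or firewall port 28017")
    return findings

# Constructed sample configurations (not from any real deployment).
WEAK_CONF = """
port = 27017
rest = true        # enabled for an old monitoring script
"""

HARDENED_CONF = """
port = 27017
bind_ip = 127.0.0.1
rest = false
nohttpinterface = true
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_rest_exposure(conf) or "no findings")
```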
Insight
If an attacker can reach the REST interface, which listens on port 28017 by default, the attacker can execute server-side JavaScript (SSJS) code.
Affected
MongoDB 2.x is vulnerable.
Detection
Send a specially crafted HTTP GET request and check the response.