Description

MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.

Remediation

References

CVE-2013-1892

Related Vulnerabilities

WordPress Plugin Monarch Social Sharing Security Bypass (1.2.6)

WordPress Plugin CMS Tree Page View Cross-Site Request Forgery (1.2.4)

WordPress Plugin Yakadanda Google+ Hangout Events Cross-Site Scripting (0.3.7)

MySQL CVE-2019-2814 Vulnerability (CVE-2019-2814)

WordPress Plugin Badgearoo Cross-Site Scripting (1.0.8)

Severity

Medium

Classification

CVE-2013-1892 CWE-20

Tags

Missing Update Known Vulnerabilities