Description

MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.

Remediation

References

CVE-2013-1892

Related Vulnerabilities

Lighttpd Resource Management Errors Vulnerability (CVE-2010-0295)

WordPress Plugin Awesome Studio Cross-Site Scripting (1.0.7)

WordPress Plugin WebLibrarian SQL Injection (3.5.4)

Oracle Database Server CVE-2006-0267 Vulnerability (CVE-2006-0267)

IBM Lotus Domino web server Cross-Site Scripting vulnerabilities

Severity

Medium

Classification

CVE-2013-1892 CWE-20

Tags

Missing Update Known Vulnerabilities