Description

The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB object.

Remediation

References

CVE-2013-3969

Related Vulnerabilities

PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-21686)

Moodle Improper Check for Dropped Privileges Vulnerability (CVE-2019-14879)

WordPress Plugin Icon Widget Cross-Site Scripting (1.2.6)

WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease SQL Injection (4.1.4)

WordPress Plugin WP OAuth Server (OAuth Authentication) Security Bypass (3.1.4)

Severity

Medium

Classification

CVE-2013-3969

Tags

Missing Update Known Vulnerabilities