CVE-2013-1892

CVSS V2: Medium 6 | CVSS V3: None
Description
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.
Overview
  • CVE ID: CVE-2013-1892
  • Assigner: secalert@redhat.com
  • Vulnerability Status: Modified
  • Published Version: 2013-10-01T20:55:03
  • Last Modified Date: 2023-02-13T04:41:55
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:* | 1 | OR | | 2.0.8 |
| cpe:2.3:a:mongodb:mongodb:1.2.0:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:mongodb:mongodb:1.4.0:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:mongodb:mongodb:1.6.0:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:mongodb:mongodb:1.8.0:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:mongodb:mongodb:2.0.0:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:mongodb:mongodb:2.0.1:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:mongodb:mongodb:2.0.2:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:mongodb:mongodb:2.0.3:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:mongodb:mongodb:2.0.4:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:mongodb:mongodb:2.0.5:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:mongodb:mongodb:2.0.6:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:mongodb:mongodb:2.0.7:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:mongodb:mongodb:2.2.0:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:mongodb:mongodb:2.2.1:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:mongodb:mongodb:2.2.2:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:mongodb:mongodb:2.2.3:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:redhat:enterprise_mrg:2.3:*:*:*:*:*:*:* | 1 | OR | | |
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:N/AC:M/Au:S/C:P/I:P/A:P
  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
  • Base Score: 6
  • Severity: MEDIUM
  • Exploitability Score: 6.8
  • Impact Score: 6.4
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 07:07:05 | | | | Added to TrackCVE |
| 2022-12-01 19:57:54 | 2013-10-01T20:55Z | 2013-10-01T20:55:03 | CVE Published Date | updated |
| 2022-12-01 19:57:54 | | 2021-07-15T19:15:36 | CVE Modified Date | updated |
| 2022-12-01 19:57:54 | | Modified | Vulnerability Status | updated |
| 2023-02-02 17:04:13 | | 2023-02-02T16:15:19 | CVE Modified Date | updated |
| 2023-02-02 17:04:13 | MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument. | CVE-2013-1892 MongoDB: Server Side JavaScript Includes allow Remote Code Execution | Description | updated |
| 2023-02-02 17:04:14 | | | References | updated |
| 2023-02-13 05:06:01 | | 2023-02-13T04:41:55 | CVE Modified Date | updated |
| 2023-02-13 05:06:02 | CVE-2013-1892 MongoDB: Server Side JavaScript Includes allow Remote Code Execution | MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument. | Description | updated |