CVE-2013-3969
Published 2013-10-01
Priority P3 · 40 · medium · 6.5 CVSS 2.0
AV:N/AC:L/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 10.11% (95.1th percentile)
The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB object.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mongodb | mongodb | — | — |
| mongodb | mongodb | — | — |
| mongodb | mongodb | — | — |
| mongodb | mongodb | — | — |
| mongodb | mongodb | — | — |
CVSS provenance
nvd · v2.0 · 6.5 MEDIUM · AV:N/AC:L/Au:S/C:P/I:P/A:P
vendor_redhat · 6.5 MEDIUM
Red Hat
MongoDB: remote code execution via javascript
vendor_redhat·2013-07-04·CVSS 6.5
CVE-2013-3969 [MEDIUM] MongoDB: remote code execution via javascript
The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB object.
Package: mongodb (OpenShift Enterprise 1) - Affected
Package: mongodb (Red Hat Enterprise MRG 2) - Under investigation
GHSA
GHSA-27xw-phm9-jmx3: The find prototype in scripting/engine_v8
ghsa_unreviewed·2022-05-17
CVE-2013-3969 [MEDIUM] GHSA-27xw-phm9-jmx3: The find prototype in scripting/engine_v8
The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB object.
No detection rules found.
http://blog.scrt.ch/2013/06/04/mongodb-rce-by-databasespraying/
http://secunia.com/advisories/54170
http://www.mongodb.org/about/alerts/
http://www.openwall.com/lists/oss-security/2013/07/30/10
https://jira.mongodb.org/browse/SERVER-9878
Published: 2013-10-01