CVE-2024-10921
Published 2024-11-14
Priority P349 · high · 8.1 · CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:H
EPSS: 0.54% (41.1th percentile)
An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to 5.0.30, MongoDB Server v6.0 versions prior to 6.0.19, MongoDB Server v7.0 versions prior to 7.0.15 and MongoDB Server v8.0 versions prior to and including 8.0.2.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mongodb | mongodb | >= 5.0.0 < 5.0.30 | 5.0.30 |
| mongodb | mongodb | >= 6.0.0 < 6.0.19 | 6.0.19 |
| mongodb | mongodb | >= 7.0.0 < 7.0.15 | 7.0.15 |
| mongodb | mongodb | >= 8.0.0 < 8.0.3 | 8.0.3 |
| mongodb_inc | mongodb_server | >= 5.0 < 5.0.30 | 5.0.30 |
| mongodb_inc | mongodb_server | >= 6.0 < 6.0.19 | 6.0.19 |
| mongodb_inc | mongodb_server | >= 7.0 < 7.0.15 | 7.0.15 |
| mongodb_inc | mongodb_server | >= 8.0 < 8.0.3 | 8.0.3 |
CVSS provenance
nvd · v3.1 · 8.1 · HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
osv · 8.1 · HIGH
GHSA
GHSA-rvjg-858g-pwh4 (CVE-2024-10921) [MEDIUM] CWE-158
ghsa_unreviewed · 2024-11-14
OSV
CVE-2024-10921 [HIGH]
osv · 2024-11-14 · CVSS 8.1
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.