The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 up to and including 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB object.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mongodb mongodb 2.4.0 |
||
mongodb mongodb 2.4.1 |
||
mongodb mongodb 2.4.2 |
||
mongodb mongodb 2.4.3 |
||
mongodb mongodb 2.4.4 |