{ "schema_version": "1.4.0", "id": "GHSA-vv9j-qmgv-fcp5", "modified": "2025-04-11T04:14:26Z", "published": "2022-05-13T01:08:48Z", "aliases": [ "CVE-2013-1892" ], "details": "MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.", "severity": [], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1892" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2013:1170" }, { "type": "WEB", "url": "https://access.redhat.com/security/cve/CVE-2013-1892" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=927536" }, { "type": "WEB", "url": "https://jira.mongodb.org/browse/SERVER-9124" }, { "type": "WEB", "url": "http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce" }, { "type": "WEB", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101630.html" }, { "type": "WEB", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101679.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2013-1170.html" }, { "type": "WEB", "url": "http://www.exploit-db.com/exploits/24935" }, { "type": "WEB", "url": "http://www.exploit-db.com/exploits/24947" }, { "type": "WEB", "url": "http://www.mongodb.org/about/alerts" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2013/03/25/9" } ], "database_specific": { "cwe_ids": [ "CWE-20" ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2013-10-01T20:55:00Z" } }