Description
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.
Remediation
References
Related Vulnerabilities
PrestaShop Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-13461)
Lighttpd Other Vulnerability (CVE-2005-0453)
XWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2023-34466)
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5487)