Description
The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command.
Remediation
References
Related Vulnerabilities
XWiki Improper Privilege Management Vulnerability (CVE-2023-34465)
Ruby on Rails CVE-2015-3227 Vulnerability (CVE-2015-3227)
TYPO3 Exposed Dangerous Method or Function Vulnerability (CVE-2024-55893)
WordPress Plugin No Page Comment Multiple Vulnerabilities (1.1)
WordPress Plugin Booking Calendar Local File Inclusion (7.0)