Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MongoDb Reachable Assertion Vulnerability (CVE-2024-3374)

Description

An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.

Remediation

References

Related Vulnerabilities

Oracle Database Server CVE-2014-0378 Vulnerability (CVE-2014-0378)

WordPress Plugin AutomatorWP-The most flexible and powerful no-code automation for WordPress Cross-Site Request Forgery (2.5.8)

WordPress Plugin WordPress Clean Up & Optimizer-Clean Up Optimizer SQL Injection (3.0.13)

WordPress Plugin Simplr Registration Form Plus+ Privilege Escalation (2.4.3)

WordPress Plugin Code Snippets Cross-Site Request Forgery (2.13.3)

Severity

Medium

Classification

CVE-2024-3374 CWE-617 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Tags

Missing Update Known Vulnerabilities