GCVE - cpe:2.3:a:mongodb:mongodb:2.4.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mongodb:mongodb:2.4.1:*:*:*:*:*:*:*

part: a version: 2.4.1 update: *

Vendor	Mongodb (`1aa156a6-63a9-5032-baaf-10197d408a1e`)
Product	Mongodb (`fa9f1f9b-0cc9-5830-a189-b908276ac432`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/mongodb`	purl2cpe	2026-06-01 10:11:17.774735
`pkg:deb/ubuntu/mongodb`	purl2cpe	2026-06-01 10:11:17.774736
`pkg:github/mongodb/mongo`	purl2cpe	2026-06-01 10:11:17.774738

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2013-4650`	vulnerable	2026-06-03 14:33:18.799768	Details available MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database. Published: 2013-07-04T10:00:00.000Z Updated: 2024-09-16T23:11:11.616Z Open on db.gcve.eu Reference links https://jira.mongodb.org/browse/SERVER-9983 http://www.mongodb.org/about/alerts/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-3969`	vulnerable	2026-06-03 14:33:09.092205	Details available The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB object. Published: 2013-10-01T20:00:00.000Z Updated: 2024-09-16T16:24:09.259Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2013/07/30/10 http://blog.scrt.ch/2013/06/04/mongodb-rce-by-databasespraying/ http://secunia.com/advisories/54170 http://www.mongodb.org/about/alerts/ https://jira.mongodb.org/browse/SERVER-9878	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-2132`	vulnerable	2026-06-03 14:32:53.865033	Details available bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef." Published: 2013-08-15T17:00:00.000Z Updated: 2024-08-06T15:27:40.620Z Open on db.gcve.eu Reference links http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html http://ubuntu.com/usn/usn-1897-1 http://www.osvdb.org/93804 https://jira.mongodb.org/browse/PYTHON-532 https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.