GCVE - cpe:2.3:a:mongodb:mongodb:2.0.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mongodb:mongodb:2.0.0:*:*:*:*:*:*:*

part: a version: 2.0.0 update: *

Vendor	Mongodb (`1aa156a6-63a9-5032-baaf-10197d408a1e`)
Product	Mongodb (`fa9f1f9b-0cc9-5830-a189-b908276ac432`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/mongodb`	purl2cpe	2026-06-01 10:11:17.774655
`pkg:deb/ubuntu/mongodb`	purl2cpe	2026-06-01 10:11:17.774656
`pkg:github/mongodb/mongo`	purl2cpe	2026-06-01 10:11:17.774657

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2013-2132`	vulnerable	2026-06-03 14:32:53.862639	Details available bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef." Published: 2013-08-15T17:00:00.000Z Updated: 2024-08-06T15:27:40.620Z Open on db.gcve.eu Reference links http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html http://ubuntu.com/usn/usn-1897-1 http://www.osvdb.org/93804 https://jira.mongodb.org/browse/PYTHON-532 https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-1892`	vulnerable	2026-06-03 14:32:52.443120	Details available MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument. Published: 2013-10-01T20:00:00.000Z Updated: 2024-08-06T15:20:37.304Z Open on db.gcve.eu Reference links http://rhn.redhat.com/errata/RHSA-2013-1170.html http://www.exploit-db.com/exploits/24947 http://www.openwall.com/lists/oss-security/2013/03/25/9 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101630.html http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-6619`	vulnerable	2026-06-03 14:32:34.874900	Details available The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read. Published: 2014-03-06T15:00:00.000Z Updated: 2024-08-06T21:36:01.807Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2014/01/07/13 http://www.openwall.com/lists/oss-security/2014/01/07/2 http://rhn.redhat.com/errata/RHSA-2014-0230.html https://jira.mongodb.org/browse/SERVER-7769 http://blog.ptsecurity.com/2012/11/attacking-mongodb.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.