CVE-2024-10921
MEDIUMDescription
An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to 5.0.30 , MongoDB Server v6.0 versions prior to 6.0.19, MongoDB Server v7.0 versions prior to 7.0.15 and MongoDB Server v8.0 versions prior to and including 8.0.2.
Is your site exposed to CVE-2024-10921?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| mongodb | mongodb |
| mongodb | mongodb |
| mongodb | mongodb |
| mongodb | mongodb |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-10921? +
How severe is CVE-2024-10921? +
What products are affected by CVE-2024-10921? +
How do I check if I'm vulnerable to CVE-2024-10921? +
Related Vulnerabilities
A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By …
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary …
The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up …
If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support …
Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, …
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when …