Remove unused C++ injected JS constructors


    • Type: Task
    • Resolution: Fixed
    • Priority: Major - P3
    • Fix Version/s: 4.0.7, 4.1.9
    • Affects Version/s: None
    • Component/s: JavaScript
    • Fully Compatible
    • v4.0
    • Dev Tools 2019-02-25, Dev Tools 2019-03-11
    • 3

      CVE-2019-20923

      Title: Crash while handling internal Javascript exception types

      Description:
      A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.7.

      CVSS score:
      This issue's CVSS:3.1 severity is scored at 6.5 using the following scoring metrics:
      CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

      Affected versions:
      MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.7.

      CWE: CWE-749: Exposed Dangerous Method or Function


      Some types that are used internally in C++ should be completely hidden from the JavaScript side.

            Assignee:
            Gabriel Russell (Inactive)
            Reporter:
            Spencer Jackson