Similar to CVE-2013-1892, it was reported [1] that MongoDB suffers from remote code execution. This flaw requires read-write access to the MongoDB database to execute arbitrary code; however, it looks as though read-only access could be used to cause the database to crash. It is unknown whether this flaw was introduced in 2.2.3 with the change to using the V8 JavaScript engine, or if it also affects earlier versions.

[1] http://blog.scrt.ch/2013/06/04/mongodb-rce-by-databasespraying/
CVE request is here: http://openwall.com/lists/oss-security/2013/07/17/2

At least 2.2.3 through to and including 2.4.4 are vulnerable. Upstream has indicated that they are currently working on a fix.
The CVE identifier of CVE-2013-4142 has been assigned to this issue: http://www.openwall.com/lists/oss-security/2013/07/18/2
This was improperly assigned CVE-2013-4142; it should be CVE-2013-3969 instead, as per http://www.openwall.com/lists/oss-security/2013/07/30/10