262 matches found
Voyager Security Vulnerability
Voyager is an application by individual developer David Borland. Voyager version 1.8.0 and earlier contains a security vulnerability: it is vulnerable to reflected cross-site scripting (XSS) attacks via /admin/compass...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) at the /admin/compass endpoint, which passes data from GET requests to the index function. This function can return unsanitized text in error message popups when it receives a file deletion request. As a result,...
External Control of File Name or Path
Overview: Affected versions of this package are vulnerable to External Control of File Name or Path at the /admin/compass endpoint, which passes data from GET requests to the pathToLogFile function. An attacker who can convince an authenticated user to follow a link containing a malicious file nam...
@mongodb-js/compass-aggregations (=0.0.0-next-4384d1fb0545d3f19fa808079b2b78538a3277a8), @mongodb-js/compass-app-stores (=0.0.0-next-4384d1fb0545d3f19fa808079b2b78538a3277a8) +18 more potentially affected by CVE-2024-6376 via @mongodb-js/connection-form (>=0.0.0-experimental-1c53312ce4905234885618d41ae95fde9c21aa18 <=0.9.1)
@mongodb-js/connection-form NPM version =0.0.0-experimental-1c53312ce4905234885618d41ae95fde9c21aa18, =0.0.0-next-0a9492a9988b7b708d2142aa0addf1564bafaa4c, =0.0.0-experimental-1c53312ce4905234885618d41ae95fde9c21aa18, =0.0.0-experimental-1c53312ce4905234885618d41ae95fde9c21aa18, =5.29.1 -...
GHSA-JXR4-4PRV-MH83 ejson shell parser in MongoDB Compass maybe bypassed
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
ejson shell parser in MongoDB Compass maybe bypassed
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
CVE-2024-6376
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
CVE-2024-6376
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
CVE-2024-6376
CVE-2024-6376 affects MongoDB Compass prior to 1.42.2. The issue arises from insufficient sandbox protection when using the ejson shell parser in Compass’ connection handling, potentially enabling code injection. Evidence across sources confirms the vulnerability is associated with Compass’ GUI a...
CVE-2024-6376 ejson shell parser in MongoDB Compass maybe bypassed
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
CVE-2024-6376 ejson shell parser in MongoDB Compass maybe bypassed
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
ejson shell parser in MongoDB Compass maybe bypassed
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
MongoDB Compass Security Vulnerability
MongoDB Compass is a free interactive tool from the US-based MongoDB Inc. for querying, optimizing and analyzing MongoDB data. A security vulnerability previously existed in MongoDB Compass version 1.42.2, which stemmed from a possible bypass of the ejson shell parser...
Malicious code in avalanche_compass_scoped (npm)
Malicious code in avalanche_compass_scope (npm)
MAL-2024-1784 Malicious code in avalanche_compass_scope (npm)
Microsoft named an overall leader in KuppingerCole Leadership Compass for ITDR
The post Microsoft named an overall leader in KuppingerCole Leadership Compass for ITDR appeared first on Microsoft Security Blog...
Vulnerability fixed in MongoDB Compass
MongoDB developers have fixed a vulnerability in MongoDB Compass. A malicious party could exploit the vulnerability to use a Man-in-the-Middle attack to gain access to sensitive data, or impersonate another user. MongoDB has released updates to fix the vulnerability in Compass 1.42.1. For more...
CVE-2024-3371
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0...
CVE-2024-3371
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0...