45 matches found
MongoDB Compass 代码问题漏洞
MongoDB Compass is a free interactive tool from MongoDB, Inc. for querying, optimizing, and analyzing MongoDB data. A code issue vulnerability exists in MongoDB Compass versions prior to 1.42.1 that stems from local elevation of privilege...
The vulnerability of MongoDB Compass’s graphical interface, a database management system for MongoDB, allows attackers to gain unauthorized access to the credentials of any user.
The vulnerability of MongoDB Compass’s graphical interface, a database management system by MongoDB. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the credentials of any user...
The vulnerability of the EJSON graphical interface parser in MongoDB Compass, a database management system, allows attackers to circumvent security restrictions and execute arbitrary code.
The vulnerability of the EJSON graphical interface parser in MongoDB Compass, a database management system, is related to insufficient validation of input data. Exploiting this vulnerability allows attackers to bypass security restrictions and execute arbitrary code...
GHSA-JXR4-4PRV-MH83 ejson shell parser in MongoDB Compass maybe bypassed
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
@mongodb-js/compass-aggregations (=0.0.0-next-4384d1fb0545d3f19fa808079b2b78538a3277a8), @mongodb-js/compass-app-stores (=0.0.0-next-4384d1fb0545d3f19fa808079b2b78538a3277a8) +18 more potentially affected by CVE-2024-6376 via @mongodb-js/connection-form (>=0.0.0-experimental-1c53312ce4905234885618d41ae95fde9c21aa18 <=0.9.1)
@mongodb-js/connection-form NPM version =0.0.0-experimental-1c53312ce4905234885618d41ae95fde9c21aa18, =0.0.0-next-0a9492a9988b7b708d2142aa0addf1564bafaa4c, =0.0.0-experimental-1c53312ce4905234885618d41ae95fde9c21aa18, =0.0.0-experimental-1c53312ce4905234885618d41ae95fde9c21aa18, =5.29.1 -...
ejson shell parser in MongoDB Compass maybe bypassed
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
CVE-2024-6376
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
CVE-2024-6376 ejson shell parser in MongoDB Compass maybe bypassed
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
CVE-2024-6376 ejson shell parser in MongoDB Compass maybe bypassed
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
CVE-2024-6376
CVE-2024-6376 affects MongoDB Compass prior to 1.42.2. The issue arises from insufficient sandbox protection when using the ejson shell parser in Compass’ connection handling, potentially enabling code injection. Evidence across sources confirms the vulnerability is associated with Compass’ GUI a...
ejson shell parser in MongoDB Compass maybe bypassed
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
MongoDB Compass Security Vulnerability
MongoDB Compass is a free interactive tool from the US-based MongoDB Inc. for querying, optimizing and analyzing MongoDB data. A security vulnerability previously existed in MongoDB Compass version 1.42.2, which stemmed from a possible bypass of the ejson shell parser...
Vulnerability fixed in MongoDB Compass
MongoDB developers have fixed a vulnerability in MongoDB Compass. A malicious party could exploit the vulnerability to use a Man-in-the-Middle attack to gain access to sensitive data, or impersonate another user. MongoDB has released updates to fix the vulnerability in Compass 1.42.1. For more...
CVE-2024-3371
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0...
CVE-2024-3371 Insufficient validation of external input in Compass may enable MITM attacks
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0...
CVE-2024-3371
CVE-2024-3371 affects MongoDB Compass. Affected versions: 1.35.0–1.42.0. Root cause: insufficient validation of input from untrusted sources, enabling unintended behavior and data disclosure, with potential for attackers to impersonate users and perform MITM-style access to the channel. Public di...
MongoDB Compass 安全漏洞
MongoDB Compass is a free interactive tool from the US-based MongoDB Inc. for querying, optimizing, and analyzing MongoDB data. A security vulnerability exists in MongoDB Compass versions 1.35.0 through 1.40.5, which stems from the possibility that the application may accept and use insufficientl...
PT-2023-9237 · Mongodb · Mongodb Compass
Name of the Vulnerable Software and Affected Versions: MongoDB Compass versions prior to 1.42.2 Description: The issue is related to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling, which may allow attackers to execute malicious code o...
PT-2023-9454 · Mongodb · Mongodb Compass
Name of the Vulnerable Software and Affected Versions: MongoDB Compass versions 1.35.0 through 1.42.0 Description: The issue is related to the acceptance and use of insufficiently validated input from an untrusted external source by MongoDB Compass. This may cause unintended application behavior,...
The vulnerability of MongoDB Compass’s graphical interface, a database management system for MongoDB, relates to insecure privilege management. This allows attackers to escalate their privileges.
The vulnerability of MongoDB Compass’s graphical interface, a database management system by MongoDB, is related to insecure management of privileges. Exploiting this vulnerability can allow attackers to enhance their privileges...