40 matches found
CVE-2025-1693
The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. This may result in the display of falsified messages that appear to originate from mongosh or the underlying...
CVE-2025-1691
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete...
CVE-2025-1691
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete...
MongoDB Shell may be susceptible to local privilege escalation in Windows
mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\nodemodules. This issue affects mongosh prior to 2.3.0...
CVE-2025-1693
Summary: CVE-2025-1693 affects the MongoDB Shell (mongosh) prior to version 2.3.9. When mongosh is connected to a cluster that is partially or fully under an attacker’s control, an attacker can inject control characters into the shell output, potentially causing falsified messages that appear to ...
CVE-2025-1693 MongoDB Shell may be susceptible to control character Injection via shell output
The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. This may result in the display of falsified messages that appear to originate from mongosh or the underlying...
CVE-2025-1693 MongoDB Shell may be susceptible to control character Injection via shell output
The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. This may result in the display of falsified messages that appear to originate from mongosh or the underlying...
MongoDB Shell may be susceptible to control character Injection via shell output
The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. This may result in the display of falsified messages that appear to originate from mongosh or the underlying...
CVE-2025-1692
CVE-2025-1692 affects MongoDB Shell (mongosh) prior to version 2.3.9. The vulnerability is a control character injection flaw that can be triggered when a user pastes text (via clipboard) into mongosh, potentially allowing evaluation of arbitrary code. Some sources also describe risk via the auto...
CVE-2025-1692 MongoDB Shell may be susceptible to control character injection via pasting
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code. This issue...
CVE-2025-1692 MongoDB Shell may be susceptible to control character injection via pasting
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code. This issue...
MongoDB Shell may be susceptible to control character injection via pasting
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code. This issue...
CVE-2025-1691 MongoDB Shell may be susceptible to Control Character Injection via autocomplete
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete...
CVE-2025-1691 MongoDB Shell may be susceptible to Control Character Injection via autocomplete
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete...
CVE-2025-1691
CVE-2025-1691 affects the MongoDB Shell (mongosh) before version 2.3.9. The issue is a control-character injection vulnerability triggered via the autocomplete feature: an attacker who controls mongosh autocomplete can craft obfuscated input by the user tab-completion, leading to malicious text e...
MongoDB Shell may be susceptible to Control Character Injection via autocomplete
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete...
PT-2025-8937
Name of the Vulnerable Software and Affected Versions mongosh versions prior to 2.3.9 Description The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature can use the autocompletion feature to input and run obfuscated...
MongoDB Shell 注入漏洞
MongoDB Shell mongosh is an interactive database manipulation tool from the American company MongoDB. It is used to interact with the MongoDB database, execute commands and manipulate data. A security vulnerability exists in MongoDB Shell versions prior to 2.3.9 that stems from control character...
MongoDB Shell 安全漏洞
MongoDB Shell mongosh is an interactive database manipulation tool from the American company MongoDB. It is used to interact with the MongoDB database, execute commands and manipulate data. A security vulnerability exists in MongoDB Shell versions prior to 2.3.9 that stems from control character...
MongoDB 2.0.1 / 2.1.1 / 2.1.4 / 2.1.5 Local Password Disclosure
Title: MongoDB MONGOSH Password Exposure Vulnerability Product: MongoDB database Tool: mongosh Affected Versions: 2.0.1 , 2.1.1,2.1.4,2.1.5 Tested Versions: 2.0.1 , 2.1.1,2.1.4,2.1.5 Risk Level: Low Author of Advisory: Emad Al-Mousa Vulnerability Details: Vulnerability in MongoDB database system...