3 matches found
@gnar-engine/core (>=1.0.1 <=1.0.23) potentially affected by CVE-2025-1691 via mongosh (=1.10.6)
mongosh NPM version =1.10.6 is affected by a known vulnerability. The following packages have a transitive dependency on mongosh and may be impacted: - @gnar-engine/core =1.0.1, =1.0.23 Source cves: CVE-2025-1691 Source advisory: OSV:GHSA-43G5-2WR2-Q7VJ...
CVE-2025-1691
creationtimestamp| type| source ---|---|--- 2025-02-27 13:27:49+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/5676 2025-02-27 14:30:56+00:00| seen| Telegram/8yOYO6tlUL8g395WybOOGlJbQsya4zgpogj5jDmK3igg 2025-02-27 15:53:32+00:00| seen|...
CVE-2025-1691 MongoDB Shell may be susceptible to Control Character Injection via autocomplete
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete...