4 matches found
CVE-2021-20334
CVE-2021-20334 is a local privilege escalation affecting MongoDB Compass on Windows. A malicious third party with local access can execute arbitrary software with the privileges of the user running MongoDB Compass. Affected products include MongoDB Compass 1.x (starting with 1.3.0 on Windows) and...
CVE-2024-6376
CVE-2024-6376 affects MongoDB Compass prior to 1.42.2. The issue arises from insufficient sandbox protection when using the ejson shell parser in Compass’ connection handling, potentially enabling code injection. Evidence across sources confirms the vulnerability is associated with Compass’ GUI a...
CVE-2024-3371
CVE-2024-3371 affects MongoDB Compass. Affected versions: 1.35.0–1.42.0. Root cause: insufficient validation of input from untrusted sources, enabling unintended behavior and data disclosure, with potential for attackers to impersonate users and perform MITM-style access to the channel. Public di...
CVE-2025-1755
MongoDB Compass (Windows) is affected by CVE-2025-1755: a local privilege escalation vulnerability when a crafted file is stored in C:\node_modules, affecting versions prior to 1.42.1. The condition described enables elevated-privilege actions on the user’s system. Several connected sources (incl...