4 matches found
CVE-2025-1692
CVE-2025-1692 affects MongoDB Shell (mongosh) prior to version 2.3.9. The vulnerability is a control character injection flaw that can be triggered when a user pastes text (via clipboard) into mongosh, potentially allowing evaluation of arbitrary code. Some sources also describe risk via the auto...
CVE-2025-1756
CVE-2025-1756 reports a local privilege escalation in mongosh when a crafted file is stored under C:\node_modules, affecting mongosh versions prior to 2.3.0. The vulnerability is described consistently across sources (NVD, MONGODB advisories, OSV, Nessus/NASL) as local, with low privileges requir...
CVE-2025-1691
CVE-2025-1691 affects the MongoDB Shell (mongosh) before version 2.3.9. The issue is a control-character injection vulnerability triggered via the autocomplete feature: an attacker who controls mongosh autocomplete can craft obfuscated input by the user tab-completion, leading to malicious text e...
CVE-2025-1693
Summary: CVE-2025-1693 affects the MongoDB Shell (mongosh) prior to version 2.3.9. When mongosh is connected to a cluster that is partially or fully under an attacker’s control, an attacker can inject control characters into the shell output, potentially causing falsified messages that appear to ...