Lucene search
K
MongodbMongosh

4 matches found

CVE
CVE
added 2025/02/27 12:37 p.m.93 views

CVE-2025-1692

CVE-2025-1692 affects MongoDB Shell (mongosh) prior to version 2.3.9. The vulnerability is a control character injection flaw that can be triggered when a user pastes text (via clipboard) into mongosh, potentially allowing evaluation of arbitrary code. Some sources also describe risk via the auto...

8.8CVSS7.3AI score0.00224EPSS
CVE
CVE
added 2025/02/27 3:28 p.m.61 views

CVE-2025-1756

CVE-2025-1756 reports a local privilege escalation in mongosh when a crafted file is stored under C:\node_modules, affecting mongosh versions prior to 2.3.0. The vulnerability is described consistently across sources (NVD, MONGODB advisories, OSV, Nessus/NASL) as local, with low privileges requir...

7.8CVSS7.5AI score0.00138EPSS
CVE
CVE
added 2025/02/27 12:34 p.m.55 views

CVE-2025-1691

CVE-2025-1691 affects the MongoDB Shell (mongosh) before version 2.3.9. The issue is a control-character injection vulnerability triggered via the autocomplete feature: an attacker who controls mongosh autocomplete can craft obfuscated input by the user tab-completion, leading to malicious text e...

7.6CVSS7.6AI score0.00287EPSS
CVE
CVE
added 2025/02/27 12:39 p.m.49 views

CVE-2025-1693

Summary: CVE-2025-1693 affects the MongoDB Shell (mongosh) prior to version 2.3.9. When mongosh is connected to a cluster that is partially or fully under an attacker’s control, an attacker can inject control characters into the shell output, potentially causing falsified messages that appear to ...

6.8CVSS7.1AI score0.00194EPSS