drift-mongodb-serverplugin uses an insecure temporary file storage when unpacking zip files. The files are unpacked to a world-writable directory which could potentially allow a local attacker to modify and tamper with the files, leading to unexpected behavior in the application.
CPE | Name | Operator | Version |
---|---|---|---|
drift server mongodb plugin | le | 4.5.1 |