- Type: Bug
- Resolution: Fixed
- Priority: Major - P3
- Affects Version/s: None
- Component/s: None
- None
- Environment: OS: macOS 13.4.1
  node.js / npm versions:
  Additional info:
  Compass download here: https://www.mongodb.com/try/download/compass
- Not Needed
- Iteration Pterodactyl, Iteration Qantassaurus
CVE Jira: CVE-89
CVE ID:
CVE-2024-6376
Title:
ejson shell parser in MongoDB Compass may be bypassed
Description:
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2.
CVSS Score:
7.0 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
List all affected product versions:
MongoDB Compass versions prior to version 1.42.2
CWE:
CWE-20: Improper Input Validation
Is a fixed version available:
Yes