CVE-2024-6376

MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2
References
Link Resource
https://jira.mongodb.org/browse/COMPASS-7496 Issue Tracking Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:mongodb:compass:*:*:*:*:*:*:*:*

History

03 Jul 2024, 15:04

Type Values Removed Values Added
First Time Mongodb
Mongodb compass
References () https://jira.mongodb.org/browse/COMPASS-7496 - () https://jira.mongodb.org/browse/COMPASS-7496 - Issue Tracking, Patch, Vendor Advisory
Summary
  • (es) MongoDB Compass puede ser susceptible a la inyección de código debido a una configuración insuficiente de protección de la zona de pruebas con el uso del analizador de shell ejson en el manejo de conexiones de Compass. Este problema afecta a las versiones de MongoDB Compass anteriores a la versión 1.42.2
CWE CWE-94
CVSS v2 : unknown
v3 : 7.0
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:mongodb:compass:*:*:*:*:*:*:*:*

01 Jul 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-01 15:15

Updated : 2024-07-03 15:04


NVD link : CVE-2024-6376

Mitre link : CVE-2024-6376

CVE.ORG link : CVE-2024-6376


JSON object : View

Products Affected

mongodb

  • compass
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE-20

Improper Input Validation