MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2
References
Link | Resource |
---|---|
https://jira.mongodb.org/browse/COMPASS-7496 | Issue Tracking Patch Vendor Advisory |
Configurations
History
03 Jul 2024, 15:04
Type | Values Removed | Values Added |
---|---|---|
First Time |
Mongodb
Mongodb compass |
|
References | () https://jira.mongodb.org/browse/COMPASS-7496 - Issue Tracking, Patch, Vendor Advisory | |
Summary |
|
|
CWE | CWE-94 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:mongodb:compass:*:*:*:*:*:*:*:* |
01 Jul 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-01 15:15
Updated : 2024-07-03 15:04
NVD link : CVE-2024-6376
Mitre link : CVE-2024-6376
CVE.ORG link : CVE-2024-6376
JSON object : View
Products Affected
mongodb
- compass