CVE-2025-1755
- EPSS 0.02%
- Veröffentlicht 27.02.2025 16:15:39
- Zuletzt bearbeitet 09.04.2025 14:07:43
MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects Mon...
CVE-2024-6376
- EPSS 0.49%
- Veröffentlicht 01.07.2024 15:15:17
- Zuletzt bearbeitet 21.11.2024 09:49:31
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2
CVE-2024-3371
- EPSS 0.1%
- Veröffentlicht 24.04.2024 17:15:47
- Zuletzt bearbeitet 06.02.2025 17:58:01
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Com...
CVE-2021-20334
- EPSS 0.1%
- Veröffentlicht 06.04.2021 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:46:24
A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x vers...