CVE-2025-1755
- EPSS 0.02%
- Published 27.02.2025 16:15:39
- Last modified 09.04.2025 14:07:43
MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects Mon...
CVE-2024-6376
- EPSS 0.49%
- Published 01.07.2024 15:15:17
- Last modified 21.11.2024 09:49:31
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2
CVE-2024-3371
- EPSS 0.1%
- Published 24.04.2024 17:15:47
- Last modified 06.02.2025 17:58:01
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Com...
CVE-2021-20334
- EPSS 0.1%
- Published 06.04.2021 17:15:12
- Last modified 21.11.2024 05:46:24
A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x vers...