MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HMongodb Compass
APPMongodb< 1.42.2
Related vulnerabilities
MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling...
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may ...
A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute ...
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore...
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMe...