Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insufficient validation of external input in Compass may enable MITM attacks
Vulnerability Description
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Vulnerability Type
信任系统事件数据
Vulnerability Title
MongoDB Compass 安全漏洞
Vulnerability Description
MongoDB Compass是美国MongoDB公司的一个免费的交互式工具。用于查询、优化和分析 MongoDB 数据。 MongoDB Compass 1.35.0 到 1.40.5版本存在安全漏洞,该漏洞源于应用可能接受并使用来自不受信任的外部源的未经充分验证的输入,导致意外的应用程序行为,如:数据泄露、冒充用户等。
CVSS Information
N/A
Vulnerability Type
N/A