Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ejson shell parser in MongoDB Compass maybe bypassed
Vulnerability Description
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
MongoDB Compass 安全漏洞
Vulnerability Description
MongoDB Compass是美国MongoDB公司的一个免费的交互式工具。用于查询、优化和分析 MongoDB 数据。 MongoDB Compass 1.42.2 版本之前存在安全漏洞,该漏洞源于 ejson shell 解析器可能被绕过。
CVSS Information
N/A
Vulnerability Type
N/A