Summary
MongoDB Inc. has released security updates to resolve a “high” severity vulnerability affecting the EJSON parser sandbox of MongoDB Compass, a graphical application for interacting with the MongoDB database. This vulnerability could be exploited to execute arbitrary code in the context of the application.
Risk
Estimated impact of the vulnerability on the reference community: MEDIUM/YELLOW (58.72/100) [1].
Type
Arbitrary Code Execution
Affected products and versions
MongoDB Compass, versions prior to 1.42.2
Mitigation actions
In line with the vendor’s statements, it is recommended to apply the available mitigations by following the instructions in the security bulletin listed in the References section.
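The only fact the advisory gives an administrator to act on is the version threshold: every MongoDB Compass build before 1.42.2 is affected. The following is an added example (not part of the advisory or of MongoDB’s own tooling) that checks a list of installed Compass versions against that threshold. The inventory is constructed for illustration; the point it makes is that versions must be compared numerically, since a plain string comparison would wrongly treat "1.9.0" as newer than "1.42.2", and that pre-release builds of the fixed version still precede it.

```python
import re

# Threshold taken from the advisory: MongoDB Compass versions prior to 1.42.2 are affected.
FIXED_VERSION = "1.42.2"


def parse_version(version):
    """Turn a dotted version such as '1.42.2' into a comparable tuple of integers.

    A pre-release suffix ('1.42.2-beta.1') is ordered below the final build with the
    same number, and missing components are padded with zeros ('1.42' -> 1.42.0).
    Raises ValueError for strings that are not a version at all.
    """
    core, _, pre = version.strip().partition("-")
    if not re.fullmatch(r"\d+(\.\d+)*", core):
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = tuple(int(p) for p in core.split("."))
    parts += (0,) * (3 - len(parts))
    # final builds get a trailing 1, pre-releases a trailing 0, so (1,42,2,0) < (1,42,2,1)
    return parts + ((0,) if pre else (1,))


def is_affected(version, fixed=FIXED_VERSION):
    """True when the installed version is older than the first fixed release."""
    return parse_version(version) < parse_version(fixed)


def triage_inventory(inventory):
    """Given (hostname, compass_version) pairs, return the sorted list of hosts that
    still need the update. Entries whose version cannot be parsed are flagged for
    manual review rather than silently treated as patched."""
    affected = []
    for host, ver in inventory:
        try:
            if is_affected(ver):
                affected.append((host, ver))
        except ValueError:
            affected.append((host, f"{ver} (unparseable, review manually)"))
    return sorted(affected)


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = [
    ("dba-laptop-01", "1.42.1"),
    ("dba-laptop-02", "1.42.2"),
    ("analyst-ws-07", "1.9.0"),
    ("build-agent-03", "1.43.0"),
    ("legacy-vm-11", "unknown"),
]

if __name__ == "__main__":
    for host, ver in triage_inventory(SAMPLE_INVENTORY):
        print(f"UPDATE NEEDED  {host:<16} Compass {ver}")
```

Running the block prints the three hosts that still require attention: the two running older releases and the one whose version could not be determined. The check is deliberately strict in the unparseable case, because an asset with an unknown Compass version should not drop out of a remediation list by accident.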
Unique vulnerability identifiers
References
https://jira.mongodb.org/browse/COMPASS-7496
[1] This estimate takes into account various parameters, including: CVSS score, availability of patches/workarounds and of a PoC, and the prevalence of the affected software/devices in the reference community.