CVE-2024-3371

Summary

MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.

Affected Software

VendorProductVersion RangeStatus
MongoDB IncMongoDB Compass1.35.0 <= 1.42.0affected

Weaknesses

  • CWE-360: CWE-360: Trust of System Event Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References