MongoDB Compass Vulnerable to Code Injection Due to Sandbox Protection Settings
CVE-2024-6376
What is CVE-2024-6376?
A critical security vulnerability has been discovered in MongoDB Compass, identified as CVE-2024-6376, potentially exposing systems to code injection attacks. This flaw affects versions of MongoDB Compass prior to 1.42.2 and has been assigned a CVSS score of 9.8, indicating a high severity level. The vulnerability may allow attackers to execute arbitrary code, alter control flow, and gain unauthorized control of system resources. To mitigate the risk, users and administrators are strongly advised to update MongoDB Compass to version 1.42.2 or newer immediately. It is important for organizations to prioritize this update as part of their security maintenance procedures to prevent potential attacks.
Affected Version(s)
MongoDB Compass: all versions before 1.42.2
News Articles

Critical MongoDB Compass Code Injection Flaw Exposes Systems to Hacking
A critical security vulnerability in MongoDB Compass, identified as CVE-2024-6376, has been discovered, potentially exposing systems to code injection attacks.

Critical Vulnerability in MongoDB Compass: Systems at Risk of Code Injection
Critical vulnerability in MongoDB Compass: CVE-2024-6376 exposes systems to serious code injection risks.

Critical Vulnerability in MongoDB Compass: CVE-2024-6376 Exposes Systems to Code Injection Risks
Critical vulnerability discovered in MongoDB Compass: CVE-2024-6376 exposes systems to severe code injection risks.