Karman Liu

**Name of the Vulnerable Software and Affected Versions** mongosh versions prior to 2.3.9 **Description** The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete text that is a prefix of the attacker’s prepared autocompletion. The issue is exploitable only when mongosh is connected to a cluster that is partially or fully controlled by an attacker. **Recommendations** For versions prior to 2.3.9, update to version 2.3.9 or later to resolve the issue. As a temporary workaround, consider disabling the autocompletion feature in mongosh to minimize the risk of exploitation. Restrict access to clusters that are partially or fully controlled by an attacker to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** mongosh versions prior to 2.3.9 **Description** The MongoDB Shell may be susceptible to control character injection, allowing an attacker with control over the database cluster contents to inject control characters into the shell output. This can result in the display of falsified messages that appear to originate from mongosh or the underlying operating system, potentially misleading users into executing unsafe actions. The issue is only exploitable when connected to a cluster that is partially or fully controlled by an attacker. **Recommendations** For versions prior to 2.3.9, update to version 2.3.9 or later to resolve the issue. As a temporary workaround, consider restricting access to clusters that may be partially or fully controlled by an attacker to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** mongosh versions prior to 2.3.9 **Description** The MongoDB Shell may be susceptible to control character injection, allowing an attacker with control of the user's clipboard to manipulate them into pasting text that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code. **Recommendations** For versions prior to 2.3.9, update to version 2.3.9 or later to resolve the issue. As a temporary workaround, consider disabling the ability to paste text into mongosh until a patch is available. Restrict access to sensitive data and systems to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: mongocryptd versions prior to 5.0.29 mongocryptd versions prior to 6.0.17 mongocryptd versions prior to 7.0.12 mongocryptd versions prior to 7.3.4 mongo crypt v1.so shared libraries versions prior to 6.0.17 mongo crypt v1.so shared libraries versions prior to 7.0.12 mongo crypt v1.so shared libraries versions prior to 7.3.4 Description: A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. Recommendations: For mongocryptd versions prior to 5.0.29, update to version 5.0.29 or later. For mongocryptd versions prior to 6.0.17, update to version 6.0.17 or later. For mongocryptd versions prior to 7.0.12, update to version 7.0.12 or later. For mongocryptd versions prior to 7.3.4, update to version 7.3.4 or later. For mongo crypt v1.so shared libraries versions prior to 6.0.17, update to version 6.0.17 or later. For mongo crypt v1.so shared libraries versions prior to 7.0.12, update to version 7.0.12 or later. For mongo crypt v1.so shared libraries versions prior to 7.3.4, update to version 7.3.4 or later.

**Name of the Vulnerable Software and Affected Versions** MongoDB Enterprise Server versions prior to 6.0.16 MongoDB Enterprise Server versions prior to 7.0.11 MongoDB Enterprise Server versions prior to 7.3.3 **Description** Underprivileged users may download "hot" backup files if they can acquire a unique backup identifier. This issue allows unauthorized access to sensitive data. **Recommendations** For MongoDB Enterprise Server versions prior to 6.0.16, update to version 6.0.16 or later. For MongoDB Enterprise Server versions prior to 7.0.11, update to version 7.0.11 or later. For MongoDB Enterprise Server versions prior to 7.3.3, update to version 7.3.3 or later.

**Name of the Vulnerable Software and Affected Versions** MongoDB Server versions prior to 5.0.27 MongoDB Server versions prior to 6.0.16 MongoDB Server versions prior to 7.0.12 MongoDB Server versions prior to 7.3.3 MongoDB C Driver versions prior to 1.26.2 MongoDB PHP Driver versions prior to 1.18.1 **Description** The issue is related to incorrect validation of files loaded from a local untrusted directory, which may allow local privilege escalation if the underlying operating system is Windows. This could result in the application executing arbitrary behavior determined by the contents of untrusted files. Only environments with Windows as the underlying operating system are affected by this issue. **Recommendations** For MongoDB Server versions prior to 5.0.27, update to version 5.0.27 or later. For MongoDB Server versions prior to 6.0.16, update to version 6.0.16 or later. For MongoDB Server versions prior to 7.0.12, update to version 7.0.12 or later. For MongoDB Server versions prior to 7.3.3, update to version 7.3.3 or later. For MongoDB C Driver versions prior to 1.26.2, update to version 1.26.2 or later. For MongoDB PHP Driver versions prior to 1.18.1, update to version 1.18.1 or later.

Name of the Vulnerable Software and Affected Versions: libbson versions prior to 1.26.2 Description: The issue is related to an integer overflow in the bson strfreev function of the MongoDB C driver library, which may lead to memory corruption. This could potentially allow an attacker to impact the integrity of protected information. Recommendations: For libbson versions prior to 1.26.2, update to version 1.26.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the bson strfreev function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MongoDB C Driver versions prior to 1.25.0 **Description** The issue is related to the `bson utf8 validate()` function in the MongoDB C Driver, which can cause an infinite loop when called with certain inputs. This may allow a remote attacker to cause a denial of service. **Recommendations** For MongoDB C Driver versions prior to 1.25.0, update to version 1.25.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `bson utf8 validate()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MongoDB Compass versions prior to 1.42.2 **Description** The issue is related to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling, which may allow attackers to execute malicious code on users' systems. This could potentially expose systems to code injection risks. The flaw affects the graphical user interface (GUI) of MongoDB Compass, which is widely used to query, aggregate, and analyze MongoDB data. **Recommendations** For MongoDB Compass versions prior to 1.42.2, update to version 1.42.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ejson shell parser in Compass' connection handling to minimize the risk of exploitation. Avoid using the vulnerable component until a patch is available.