CVE-2024-6376

Name of the Vulnerable Software and Affected Versions MongoDB Compass versions prior to 1.42.2

Description The issue is related to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling, which may allow attackers to execute malicious code on users' systems. This could potentially expose systems to code injection risks. The flaw affects the graphical user interface (GUI) of MongoDB Compass, which is widely used to query, aggregate, and analyze MongoDB data.

Recommendations For MongoDB Compass versions prior to 1.42.2, update to version 1.42.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ejson shell parser in Compass' connection handling to minimize the risk of exploitation. Avoid using the vulnerable component until a patch is available.