MongoDB Shell may be susceptible to control character Injection via shell output

Severity:: Low

Description

The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output.

Recommendation

Update the mongosh package to the latest compatible version. Followings are version details:

Affected version(s): < 2.3.9
Patched version(s): 2.3.9

References

GHSA-r95j-4jvf-mrrw
jira.mongodb.org
CVE-2025-1693
CWE-150
CAPEC-310
OWASP 2021-A6

Related Issues

MongoDB Shell may be susceptible to control character injection via pasting - CVE-2025-1692
MongoDB Shell may be susceptible to Control Character Injection via autocomplete - CVE-2025-1691
tarteaucitron.js allows UI manipulation via unrestricted CSS injection - CVE-2025-31138
Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule - CVE-2025-67750

Tags:: npm; mongosh

Anything's wrong? Let us know Last updated on February 27, 2025