MongoDB Shell may be susceptible to control character Injection via shell output
- Severity:
- Low
Description
The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output.
Recommendation
Update the mongosh package to the latest compatible version. Followings are version details:
- Affected version(s): < 2.3.9
- Patched version(s): 2.3.9
References
Related Issues
- MongoDB Shell may be susceptible to Control Character Injection via autocomplete - CVE-2025-1691
- create-choo-app3 is vulnerable to Command Injection via the devInstall function - CVE-2022-25855
- Vue I18n Allows Prototype Pollution in `handleFlatJson` (GHSA-p2ph-7g93-hw3m) 5 - CVE-2025-27597
- Vue I18n Allows Prototype Pollution in `handleFlatJson` (GHSA-p2ph-7g93-hw3m) 4 - CVE-2025-27597
- Tags:
- npm
- mongosh
Anything's wrong? Let us know Last updated on February 27, 2025