Description
mongosh may be susceptible to local privilege escalation under certain conditions when a crafted file is stored in C:\node_modules, potentially enabling unauthorized actions on a user’s system with elevated privileges. This issue affects mongosh versions prior to 2.3.0.
Recommendation
Update the mongosh package to the latest compatible version. Version details:
- Affected version(s): < 2.3.0
- Patched version(s): 2.3.0
References
- GHSA-f5w3-73h4-jpcm
- access.redhat.com
- jira.mongodb.org
- CVE-2025-1756
- CWE-426
- CAPEC-310
- OWASP 2021-A6
- OWASP 2021-A8
Related Issues
- MongoDB Shell may be susceptible to control character Injection via shell output - CVE-2025-1693
- MongoDB Shell may be susceptible to Control Character Injection via autocomplete - CVE-2025-1691
- @langchain/community SQL Injection vulnerability - CVE-2024-7042
- Incorrect default cookie name and recommendation - Vulnerability
Tags: npm, mongosh
Last updated on February 27, 2025