@mongosh/cli-repl@0.0.1-alpha.3 vulnerabilities

MongoDB Shell CLI REPL Package

  • latest version: 2.4.0

  • latest non vulnerable version

  • first published: 4 years ago

  • latest version published: 9 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the @mongosh/cli-repl package. This does not include vulnerabilities belonging to this package’s dependencies.

    • Severity: M (medium)

    Improper Neutralization

    @mongosh/cli-repl is a MongoDB Shell CLI REPL Package

    Affected versions of this package are vulnerable to Improper Neutralization via pasting into the MongoDB Shell. An attacker with control of the user's clipboard could manipulate them to paste text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code.

    How to fix Improper Neutralization?

    Upgrade @mongosh/cli-repl to version 2.3.9 or higher.

    Vulnerable versions: <2.3.9

    • Severity: L (low)

    Improper Neutralization

    @mongosh/cli-repl is a MongoDB Shell CLI REPL Package

    Affected versions of this package are vulnerable to Improper Neutralization via shell output. An attacker with control over the database cluster contents can inject control characters into the shell output, resulting in the display of falsified messages that appear to originate from mongosh or the underlying operating system, potentially misleading users into executing unsafe actions.

    Note:

    This is only exploitable if mongosh is connected to a cluster that is partially or fully controlled by an attacker.

    How to fix Improper Neutralization?

    Upgrade @mongosh/cli-repl to version 2.3.9 or higher.

    Vulnerable versions: <2.3.9

    • Severity: M (medium)

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

    @mongosh/cli-repl is a MongoDB Shell CLI REPL Package

    Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the autocomplete feature. An attacker with control over the mongosh autocomplete feature can manipulate the autocompletion to input and execute obfuscated malicious text by tricking a user into using the 'tab' key to complete a command.

    Note:

    This is only exploitable when mongosh is connected to a cluster that is partially or fully controlled by the attacker.

    How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')?

    Upgrade @mongosh/cli-repl to version 2.3.9 or higher.

    Vulnerable versions: <2.3.9