2.4.0
4 years ago
9 days ago
Known vulnerabilities in the @mongosh/cli-repl package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
@mongosh/cli-repl is a MongoDB Shell CLI REPL Package Affected versions of this package are vulnerable to Improper Neutralization via pasting into the MongoDB Shell. An attacker with control of the user's clipboard could manipulate them to paste text into How to fix Improper Neutralization? Upgrade | <2.3.9 |
@mongosh/cli-repl is a MongoDB Shell CLI REPL Package Affected versions of this package are vulnerable to Improper Neutralization via shell output. An attacker with control over the database cluster contents can inject control characters into the shell output, resulting in the display of falsified messages that appear to originate from Note: This is only exploitable if How to fix Improper Neutralization? Upgrade | <2.3.9 |
@mongosh/cli-repl is a MongoDB Shell CLI REPL Package Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the autocomplete feature. An attacker with control over the Note: This is only exploitable when How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')? Upgrade | <2.3.9 |