compass-preferences-model@1.7.2 vulnerabilities

Compass preferences model

  • latest version

    2.33.2

  • latest non vulnerable version

  • first published

    6 years ago

  • latest version published

    10 days ago

  • licenses detected

    • >=0.0.0-experimental-1c53312ce4905234885618d41ae95fde9c21aa18 <0.0.1; >=1.0.0
  • Direct Vulnerabilities

    Known vulnerabilities in the compass-preferences-model package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Untrusted Search Path

    compass-preferences-model is a Compass preferences model

    Affected versions of this package are vulnerable to Untrusted Search Path due to the improper handling of file storage in the C:\node_modules\ directory. An attacker can execute unauthorized actions with elevated privileges by storing a crafted file in this specific directory.

    Note:

    This is only exploitable if the user executes MongoDB Compass with elevated privileges.

    How to fix Untrusted Search Path?

    Upgrade compass-preferences-model to version 2.18.1 or higher.

    <2.18.1