Homepage

compass-preferences-model@1.7.2 vulnerabilities

Compass preferences model

  • latest version

    2.33.5

  • latest non vulnerable version

    2.33.5

  • first published

    6 years ago

  • latest version published

    9 days ago

  • licenses detected

    • SSPL-1.0
      >=0.0.0-experimental-1c53312ce4905234885618d41ae95fde9c21aa18 <0.0.1; >=1.0.0
  • View compass-preferences-model package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the compass-preferences-model package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Untrusted Search Path

    compass-preferences-model is a Compass preferences model

    Affected versions of this package are vulnerable to Untrusted Search Path due to the improper handling of file storage in the C:\node_modules\ directory. An attacker can execute unauthorized actions with elevated privileges by storing a crafted file in this specific directory.

    Note:

    This is only exploitable if the user executes MongoDB Compass with elevated privileges.

    How to fix Untrusted Search Path?

    Upgrade compass-preferences-model to version 2.18.1 or higher.

    <2.18.1
    Go back to all versions of this package