MongoDB Product Security Update Advisory (CVE-2024-6376)

Overview

A security update has been released addressing vulnerabilities in the MongoDB Compass product. Users of the affected product are advised to update to the latest version.


Affected Products

MongoDB Compass: all versions prior to 1.42.2 (1.42.2 itself is not affected)


Resolved Vulnerabilities

The connection handling in MongoDB Compass may be susceptible to code injection because of insufficient sandbox protection settings when the ejson shell parser is used (CVE-2024-6376).

Vulnerability Patches

Vulnerability patches for the product were made available in the 07/01/2024 update. Please follow the instructions on the Referenced Sites to update to the latest version.

MongoDB Compass version: 1.42.2


Referenced Sites

[1] CVE-2024-6376 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-6376

[2] ejson shell parser in MongoDB Compass may be bypassed

https://jira.mongodb.org/browse/COMPASS-7496