Unrated severityNVD Advisory· Published Apr 24, 2024· Updated Aug 7, 2024

Insufficient validation of external input in Compass may enable MITM attacks

CVE-2024-3371

Description

MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

MongoDB Inc/MongoDB Compassv5
cpe:2.3:a:mongodb:compass:1.35.0:*:*:*:*:*:*:*
Range: 1.35.0
HCL Software/Compassllm-fuzzy
Range: 1.35.0 to 1.42.0

Patches

Vulnerability mechanics

References

jira.mongodb.org/browse/COMPASS-7260mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000