Vulnerability Details CVE-2024-3371
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.9%
CVSS Severity
CVSS v3 Score 7.1
References
Products affected by CVE-2024-3371
-
cpe:2.3:a:mongodb:compass:1.35.0
-
cpe:2.3:a:mongodb:compass:1.36.0
-
cpe:2.3:a:mongodb:compass:1.36.2
-
cpe:2.3:a:mongodb:compass:1.36.3
-
cpe:2.3:a:mongodb:compass:1.36.4
-
cpe:2.3:a:mongodb:compass:1.37.0
-
cpe:2.3:a:mongodb:compass:1.38.0
-
cpe:2.3:a:mongodb:compass:1.38.1
-
cpe:2.3:a:mongodb:compass:1.38.2
-
cpe:2.3:a:mongodb:compass:1.39.0
-
cpe:2.3:a:mongodb:compass:1.39.1
-
cpe:2.3:a:mongodb:compass:1.39.2
-
cpe:2.3:a:mongodb:compass:1.39.3
-
cpe:2.3:a:mongodb:compass:1.39.4
-
cpe:2.3:a:mongodb:compass:1.40.0
-
cpe:2.3:a:mongodb:compass:1.40.1
-
cpe:2.3:a:mongodb:compass:1.40.2
-
cpe:2.3:a:mongodb:compass:1.40.3
-
cpe:2.3:a:mongodb:compass:1.40.4
-
cpe:2.3:a:mongodb:compass:1.41.0
-
cpe:2.3:a:mongodb:compass:1.42.0