MongoDB Shell Control Character Injection Vulnerability

Vulnerability

A control character injection vulnerability has been identified in the MongoDB Shell (mongosh) in versions prior to 2.3.9. The issue arises because an attacker who controls the contents of the database cluster can store strings containing control characters, and mongosh renders them to the terminal unescaped, so they alter the shell output. This can be used to display misleading messages that appear to come from mongosh or from the operating system, potentially tricking users into performing unsafe actions. The vulnerability can only be exploited if mongosh is connected to a cluster that is partially or fully under the attacker's control.

Impact

Exploitation of this vulnerability could mislead users by injecting falsified messages into the shell output, creating a risk of executing unsafe actions based on this misinformation.
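The defensive counterpart of the issue described above, as an added example that is not mongosh's own code or its actual fix: every string an untrusted cluster returns is passed through an escaping step before it reaches the terminal, so C0/C1 control codes (including ESC, which starts terminal escape sequences, and carriage return) are shown as visible text instead of being interpreted. A second helper scans a document for raw control characters so an operator can locate suspicious content. The sample document and the function names are constructed for this example.

```javascript
// Matches C0 controls except \n and \t, DEL (0x7F) and C1 controls (0x80-0x9F).
// These are the characters a terminal would interpret rather than display.
const CONTROL_RE = /[\u0000-\u0008\u000B-\u001F\u007F-\u009F]/g;

// Replace every control character with a visible \xNN escape so it cannot
// clear the screen, move the cursor or overwrite earlier output.
function escapeControlChars(text) {
  return text.replace(CONTROL_RE, (ch) => {
    const code = ch.charCodeAt(0);
    return '\\x' + code.toString(16).toUpperCase().padStart(2, '0');
  });
}

// Walk a document (nested objects and arrays) and report each string field
// that contains raw control characters, with its path and the match count.
function findControlChars(doc) {
  const hits = [];
  const walk = (value, path) => {
    if (typeof value === 'string') {
      const found = value.match(CONTROL_RE);
      if (found) hits.push({ path, count: found.length });
    } else if (Array.isArray(value)) {
      value.forEach((v, i) => walk(v, `${path}[${i}]`));
    } else if (value && typeof value === 'object') {
      for (const [k, v] of Object.entries(value)) walk(v, path ? `${path}.${k}` : k);
    }
  };
  walk(doc, '');
  return hits;
}

// Render a flat view of a document for the terminal, escaping every string value.
function renderForTerminal(doc) {
  return Object.entries(doc)
    .map(([k, v]) => `${k}: ${escapeControlChars(String(v))}`)
    .join('\n');
}

// Constructed sample document (hypothetical): one field carries an ESC sequence
// and a carriage return, another an embedded BEL character.
const SAMPLE_DOC = { _id: 1, name: 'alice\x1b[2J\rbob', tags: ['ok', 'x\x07y'] };

console.log(findControlChars(SAMPLE_DOC)); // two fields flagged: name, tags[1]
console.log(renderForTerminal(SAMPLE_DOC)); // controls appear as \x1B, \x0D, \x07
```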

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread:          0.0
impact:          0.6
exploitability:  6.2
remediation:     7.7
relevance:       0.0
threat:          0.0
urgency:         2.9
incentive:       0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.