Home
MEDIUM: 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:NMEDIUM: 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NDefault status
unaffected
1.36.3
affected
1.36.4
affected
1.37.0
affected
1.38.0
affected
1.38.1
affected
1.38.2
affected
1.39.0
affected
1.39.1
affected
1.39.2
affected
1.39.3
affected
1.39.4
affected
1.40.0
affected
1.40.1
affected
1.40.2
affected
1.40.3
affected
1.40.4
affected
1.41.0
affected
1.42.0
affected
1.42.1
affected
1.42.2
affected
1.42.3
affected
1.42.5
affected
1.43.0
affected
1.43.1
affected
1.43.2
affected
1.43.3
affected
1.43.4
affected
1.43.5
affected
1.43.6
affected
1.44.0
affected
1.44.3
affected
1.44.4
affected
1.44.5
affected
1.44.6
affected
1.44.7
affected
1.45.0
affected
1.45.1
affected
1.45.2
affected
1.45.3
affected
1.45.4
affected
1.46.0
affected
1.46.1
affected
1.46.2
affected
1.46.3
affected
1.46.4
affected
1.46.5
affected
1.46.6
affected
1.46.7
affected
1.46.8
affected
1.46.9
affected
1.46.10
affected
1.46.11
affected
1.47.0
affected
1.47.1
affected
1.48.0
affected
1.48.1
affected
1.48.2
affected
1.49.0
affected
1.49.1
affected
1.49.2
affected
1.49.3
affected
1.49.4
affected
1.49.5
affected
Description
Prototype pollution in csv parsing logic during import can lead to untrusted file paths (but not arguments) entering shell.openExternal after specific user behavior leading to "1-click" command execution.
Problem types
CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Product status
1.36.3
1.36.4
1.37.0
1.38.0
1.38.1
1.38.2
1.39.0
1.39.1
1.39.2
1.39.3
1.39.4
1.40.0
1.40.1
1.40.2
1.40.3
1.40.4
1.41.0
1.42.0
1.42.1
1.42.2
1.42.3
1.42.5
1.43.0
1.43.1
1.43.2
1.43.3
1.43.4
1.43.5
1.43.6
1.44.0
1.44.3
1.44.4
1.44.5
1.44.6
1.44.7
1.45.0
1.45.1
1.45.2
1.45.3
1.45.4
1.46.0
1.46.1
1.46.2
1.46.3
1.46.4
1.46.5
1.46.6
1.46.7
1.46.8
1.46.9
1.46.10
1.46.11
1.47.0
1.47.1
1.48.0
1.48.1
1.48.2
1.49.0
1.49.1
1.49.2
1.49.3
1.49.4
1.49.5
References
jira.mongodb.org/browse/COMPASS-10657