CVE-2025-1692

MEDIUM Year: 2025
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-150
View all →

Vulnerability Description

The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code. This issue affects mongosh versions prior to 2.3.9

Related Vulnerabilities

CVE-2024-27936

MEDIUM
CVSS:6.5(Medium)

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41.0 of the deno library, maliciously crafted permission request can s...

CWE-1502024

CVE-2024-9774

MEDIUM
CVSS:6.5(Medium)

A vulnerability was found in python-sql where unary operators do not escape non-Expression.

CWE-1502024

CVE-2024-33899

HIGH
CVSS:7.1(High)

RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences.

CWE-1502024

CVE-2025-30089

MEDIUM
CVSS:5.4(Medium)

gurk (aka gurk-rs) through 0.6.3 mishandles ANSI escape sequences.

CWE-1502025

CVE-2024-36052

HIGH
CVSS:7.5(High)

RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899.

CWE-1502024

CVE-2022-30123

CRITICAL
CVSS:10.0(Critical)

A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.

CWE-1502022