Description
A malicious third party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects MongoDB Inc. MongoDB Compass 1.x on Windows: version 1.3.0 and later versions; 1.x versions prior to 1.25.0.
Remediation
References
https://jira.mongodb.org/browse/COMPASS-4510