cbcvebase.
CVE-2022-48282
published 2023-02-21


Priority: P345
Severity: high, CVSS 3.1 base score 7.2
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.05% (60.0th percentile)
Under very specific circumstances (see the Required configuration section below), a privileged user is able to cause arbitrary code to be executed, which may cause further disruption to services. This is specific to applications written in C#. This affects all MongoDB .NET/C# Driver versions prior to and including v2.18.0.

Required configuration: all of the following must be true for the vulnerability to be applicable:

* Application must be written in C#, taking arbitrary data from users and serializing data using _t without any validation, AND
* Application must be running on a Windows host using the full .NET Framework, not .NET Core, AND
* Application must have a domain model class with a property/field explicitly of type System.Object or a collection of type System.Object (against MongoDB best practice), AND
* Malicious attacker must have unrestricted insert access to the target database to add a _t discriminator.
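The configuration above hinges on two things an application controls: a domain model that leaves a field typed as System.Object, and user-supplied documents whose _t discriminator is stored without validation. The following C# is an added example written for this entry; it is not MongoDB's code and not part of the advisory. It places the model shape the advisory warns about beside a strongly typed replacement, and adds a pre-insert check that rejects any nested _t value outside an application allow-list. Class names (OrderWeak, OrderHardened, PaymentInfo, DiscriminatorGuard) and the allow-list contents are hypothetical; it assumes the MongoDB.Bson and MongoDB.Driver NuGet packages.

```csharp
// Added example for CVE-2022-48282 (not MongoDB's code or the advisory's).
// Assumes the MongoDB.Bson / MongoDB.Driver packages; all class and field
// names below are hypothetical.
using System;
using System.Collections.Generic;
using System.Linq;
using MongoDB.Bson;
using MongoDB.Bson.Serialization;
using MongoDB.Bson.Serialization.Attributes;

// Shape the advisory warns about: a field typed as System.Object. When this
// class is deserialized, the driver consults the stored "_t" discriminator
// to decide which CLR type to instantiate for "Payload".
public class OrderWeak
{
    [BsonId] public ObjectId Id { get; set; }
    public object Payload { get; set; }   // against MongoDB best practice
}

// Hardened shape: a concrete domain type. The target type of "Payload" is
// fixed at compile time instead of being chosen by data in the document.
public class OrderHardened
{
    [BsonId] public ObjectId Id { get; set; }
    public PaymentInfo Payload { get; set; }
}

[BsonIgnoreExtraElements]
public class PaymentInfo
{
    public string Method { get; set; }
    public double Amount { get; set; }
}

public static class DiscriminatorGuard
{
    // Discriminator values this application legitimately writes (hypothetical).
    private static readonly HashSet<string> Allowed =
        new HashSet<string>(StringComparer.Ordinal) { "PaymentInfo" };

    // Validate user-supplied data before insert: every nested "_t" must name
    // a type on the allow-list. Recurses through documents and arrays.
    public static bool HasOnlyAllowedDiscriminators(BsonValue value)
    {
        switch (value)
        {
            case BsonDocument doc:
                foreach (var element in doc.Elements)
                {
                    if (element.Name == "_t")
                    {
                        // "_t" may be a string or an array of strings (type hierarchy).
                        IEnumerable<string> names = element.Value.IsBsonArray
                            ? element.Value.AsBsonArray.Select(v => v.ToString())
                            : new[] { element.Value.ToString() };
                        if (!names.All(Allowed.Contains)) return false;
                    }
                    else if (!HasOnlyAllowedDiscriminators(element.Value))
                    {
                        return false;
                    }
                }
                return true;
            case BsonArray arr:
                return arr.All(HasOnlyAllowedDiscriminators);
            default:
                return true;   // scalars carry no discriminator
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample documents standing in for user-controlled input.
        var expected = BsonDocument.Parse(
            "{ Payload: { _t: 'PaymentInfo', Method: 'card', Amount: 12.5 } }");
        var foreign = BsonDocument.Parse(
            "{ Payload: { _t: 'SomeOtherType', Method: 'card', Amount: 12.5 } }");

        Console.WriteLine(DiscriminatorGuard.HasOnlyAllowedDiscriminators(expected));
        Console.WriteLine(DiscriminatorGuard.HasOnlyAllowedDiscriminators(foreign));

        // With the hardened model the payload type is known before any data is read.
        var order = BsonSerializer.Deserialize<OrderHardened>(expected);
        Console.WriteLine(order.Payload.Method);
    }
}
```

The allow-list check is the application-level validation the advisory describes as missing; it does not replace upgrading to the fixed driver version listed in the Affected table below, and the strongly typed model removes the System.Object field that the configuration requires in the first place.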

Affected

2 ranges

Vendor        Product                 Version range   Fixed in
mongodb       c_driver                < 2.19.0        2.19.0
mongodb_inc   mongodb_net_c_driver    <= v2.18.0