CVE-2024-6382 — Improper Handling of Syntactically Invalid Structure in INC Mongodb Rust Driver

CWE-228 — Improper Handling of Syntactically Invalid Structure4 documents4 sources

Severity

7.5HIGHNVD

CNA6.4

EPSS

0.1%

top 70.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mongodb INC Mongodb Rust Driver Mongodb Rust Driver Mongodb

Timeline

PublishedJul 2

Description

Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDmongodb/rust_driver2.0.0 — 2.8.2

▶CVEListV5mongodb_inc/mongodb_rust_driver2.0 — 2.8.2

▶crates.iomongodb/mongodb2.0.0 — 2.8.2

🔴Vulnerability Details

OSV

MongoDB Rust driver may issue unintended commands↗2024-07-02

▶

GHSA

MongoDB Rust driver may issue unintended commands↗2024-07-02

▶

CVEList

Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.↗2024-07-02

▶