CVE-2024-6382 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2024-6382

CVE-2024-6382

July 02, 2024

Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2

Related Resources (6)

https://nvd.nist.gov/vuln/detail/CVE-2024-6382

https://github.com/mongodb/mongo-rust-driver/pull/1045

https://github.com/mongodb/mongo-rust-driver

https://github.com/mongodb/mongo-rust-driver/commit/8eac3bc6dc37a6d7667ed6c1a895c224e3ff47e1

https://github.com/mongodb/mongo-rust-driver/commit/a3fe6c84ce6287348b1268f651fdac9fbed66187

https://jira.mongodb.org/browse/RUST-1881

Do you need more information?

CVSS v4

Base Score:

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

LOW

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

LOW

Subsequent System Availability

LOW

CVSS v3

Base Score:

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

LOW

Availability

LOW

Weakness Type (CWE)

Improper Handling of Syntactically Invalid Structure

CWE-228

EPSS

Base Score:

0.11

Products

Solutions

Resources

Company

Compare

Developer Tools