CVE-2024-6382

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-6382

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6382.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-6382

Aliases

GHSA-32jf-h775-g29h

Published

2024-07-02T18:15:04.337Z

Modified

2026-03-14T12:40:40.907998Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2

References

https://jira.mongodb.org/browse/RUST-1881

Affected packages

Git / github.com/mongodb/mongo-rust-driver

Affected ranges

Type

GIT

Repo

https://github.com/mongodb/mongo-rust-driver

Events

Introduced

648ebe34b514fdbefbd2be27bd6e301fe0defdfc

Fixed

f424aed9638aacc7aefe6a2dd2f5b56b3b0d5b1f

Database specific

{
    "versions": [
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.8.2"
        }
    ]
}

Affected versions

v2.*

v2.0.0

v2.3.0-beta

v2.8.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6382.json"