CVE-2024-7553

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-7553
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7553.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-7553
Published
2024-08-07T10:15:39Z
Modified
2025-02-19T03:41:47.873967Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating system is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior to 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1.

Required Configuration:

Only environments with Windows as the underlying operating system are affected by this issue.

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type
GIT
Repo
https://github.com/mongodb/mongo
Events
Type
GIT
Repo
https://github.com/mongodb/mongo-c-driver
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/mongodb/mongo-php-driver
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.2.0
0.3.0
0.3.1
0.4.0
0.4.1
0.5.0
0.5.1
0.6.0
0.6.1
0.6.2
0.6.3
0.90.0
0.92.0
0.92.2
0.94.0
0.94.2
0.96.0
0.96.4
0.98.0
0.98.2

1.*

1.0.0
1.0.0RC0
1.0.0alpha1
1.0.0alpha2
1.0.0beta1
1.0.0beta2
1.0.1
1.0.2
1.1.0
1.1.0-rc0
1.1.1
1.1.10
1.1.11
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.10.0
1.10.0alpha1
1.11.0
1.11.0alpha1
1.11.1
1.12.0
1.12.1
1.13.0
1.14.0
1.14.0beta1
1.14.1
1.14.2
1.15.0
1.15.1
1.15.2
1.15.3
1.16.0
1.16.1
1.16.2
1.17.0
1.17.1
1.17.2
1.17.3
1.18.0
1.2.0
1.2.0-beta
1.2.0-beta1
1.2.0-rc0
1.2.0alpha1
1.2.0alpha2
1.2.0alpha3
1.2.1
1.2.10
1.2.11
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.26.0
1.26.1
1.3.0
1.3.0-rc0
1.3.0RC1
1.3.0beta1
1.3.0beta2
1.3.1
1.3.2
1.3.3
1.3.4
1.4.0
1.4.0-beta1
1.4.0RC1
1.4.0RC2
1.4.0beta1
1.4.1
1.4.2
1.4.3
1.4.4
1.5.0
1.5.0-rc0
1.5.0-rc1
1.5.0-rc2
1.5.0-rc3
1.5.0-rc4
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.6.0
1.6.0-rc0
1.6.0RC1
1.6.0alpha1
1.6.0alpha2
1.6.0alpha3
1.6.1
1.7.0
1.7.0-rc0
1.7.1
1.7.2
1.7.3
1.7.4
1.7.5
1.8.0
1.8.0RC1
1.8.0beta1
1.8.0beta2
1.8.1
1.8.2
1.9.0
1.9.0-RC1
1.9.0-rc0
1.9.0-rc1
1.9.1
1.9.2

r5.*

r5.0.0
r5.0.1
r5.0.1-rc0
r5.0.10
r5.0.10-rc0
r5.0.11
r5.0.11-rc0
r5.0.11-rc1
r5.0.12
r5.0.12-rc0
r5.0.13
r5.0.13-rc0
r5.0.14
r5.0.14-rc0
r5.0.15
r5.0.15-rc0
r5.0.15-rc1
r5.0.15-rc2
r5.0.16
r5.0.16-rc0
r5.0.17
r5.0.17-rc0
r5.0.18
r5.0.18-rc0
r5.0.18-rc1
r5.0.18-rc2
r5.0.19
r5.0.19-rc0
r5.0.2
r5.0.2-rc0
r5.0.20
r5.0.20-rc0
r5.0.20-rc1
r5.0.21
r5.0.21-rc0
r5.0.22
r5.0.22-rc0
r5.0.22-rc1
r5.0.23
r5.0.23-rc0
r5.0.24
r5.0.24-rc0
r5.0.25
r5.0.25-rc0
r5.0.26
r5.0.26-rc0
r5.0.3
r5.0.3-rc0
r5.0.3-rc1
r5.0.3-rc2
r5.0.4
r5.0.4-rc0
r5.0.5
r5.0.5-rc0
r5.0.6
r5.0.6-rc0
r5.0.6-rc1
r5.0.6-rc2
r5.0.7
r5.0.7-rc0
r5.0.7-rc1
r5.0.8
r5.0.8-rc0
r5.0.9
r5.0.9-rc0
r5.0.9-rc1