Moderate severityNVD Advisory· Published Jul 2, 2024· Updated Aug 1, 2024
Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.
CVE-2024-6382
Description
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mongodbcrates.io | >= 2.0.0, < 2.8.2 | 2.8.2 |
Affected products
2- MongoDB Inc/MongoDB Rust Driverv5cpe:2.3:a:mongodb:rust-driver:2.0.0:alpha:*:*:*:mongodb:*:*Range: 2.0
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-32jf-h775-g29hghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-6382ghsaADVISORY
- github.com/mongodb/mongo-rust-driver/commit/8eac3bc6dc37a6d7667ed6c1a895c224e3ff47e1ghsaWEB
- github.com/mongodb/mongo-rust-driver/commit/a3fe6c84ce6287348b1268f651fdac9fbed66187ghsaWEB
- github.com/mongodb/mongo-rust-driver/pull/1045ghsaWEB
- jira.mongodb.org/browse/RUST-1881ghsaWEB
News mentions
0No linked articles in our index yet.