CVE-2024-6382
MEDIUM6.4EPSS 0.11%MongoDB Rust driver may issue unintended commands
Published: 7/2/2024Modified: 10/2/2025
Also known as:GHSA-32jf-h775-g29h
Description
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2
Affected packages (1)
- crates.io/mongodb>= 2.0.0, < 2.8.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-6382
- PATCHhttps://github.com/mongodb/mongo-rust-driver
- WEBhttps://github.com/mongodb/mongo-rust-driver/commit/8eac3bc6dc37a6d7667ed6c1a895c224e3ff47e1
- WEBhttps://github.com/mongodb/mongo-rust-driver/commit/a3fe6c84ce6287348b1268f651fdac9fbed66187
- WEBhttps://github.com/mongodb/mongo-rust-driver/pull/1045
- WEBhttps://jira.mongodb.org/browse/RUST-1881