CVE-2024-6382
MEDIUM6.4EPSS 0.11%MongoDB Rust driver may issue unintended commands
發布日:2024/7/2修改日:2025/10/2
描述
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2
受影響套件(1)
- crates.io/mongodb>= 2.0.0, < 2.8.2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-6382
- PATCHhttps://github.com/mongodb/mongo-rust-driver
- WEBhttps://github.com/mongodb/mongo-rust-driver/commit/8eac3bc6dc37a6d7667ed6c1a895c224e3ff47e1
- WEBhttps://github.com/mongodb/mongo-rust-driver/commit/a3fe6c84ce6287348b1268f651fdac9fbed66187
- WEBhttps://github.com/mongodb/mongo-rust-driver/pull/1045
- WEBhttps://jira.mongodb.org/browse/RUST-1881