CVE-2024-6382
Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.
Severity Score
6.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2
El manejo incorrecto de ciertas entradas de cadenas puede provocar que el controlador MongoDB Rust cree comandos de servidor no deseados. Esto puede provocar un comportamiento inesperado de la aplicación, incluida la modificación de datos. Este problema afecta a las versiones MongoDB Rust Driver 2.0 anteriores a la 2.8.2
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-06-27 CVE Reserved
- 2024-07-02 CVE Published
- 2024-07-03 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-228: Improper Handling of Syntactically Invalid Structure
CAPEC
References (1)
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| MongoDB Inc Search vendor "MongoDB Inc" | MongoDB Rust Driver Search vendor "MongoDB Inc" for product "MongoDB Rust Driver" | >= 2.0.0 < 2.8.2 Search vendor "MongoDB Inc" for product "MongoDB Rust Driver" and version " >= 2.0.0 < 2.8.2" | en |
Affected
| ||||||