Search criteria
2 vulnerabilities found for MongoDB Rust Driver by MongoDB Inc
CVE-2024-6382 (GCVE-0-2024-6382)
Vulnerability from nvd – Published: 2024-07-02 17:17 – Updated: 2024-08-01 21:41
VLAI?
Title
Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.
Summary
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2
Severity ?
6.4 (Medium)
CWE
- CWE-228 - Improper Handling of Syntactically Invalid Structure
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MongoDB Inc | MongoDB Rust Driver |
Affected:
2.0 , < 2.8.2
(custom)
cpe:2.3:a:mongodb:rust-driver:2.0.0:alpha:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:alpha1:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:beta1:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:beta2:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:beta3:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.2:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.1.0:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.1.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.2.0:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.2.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.2.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.2.2:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.2.3:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.3.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.3.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.4.0:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.4.0:beta2:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.4.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.5.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.6.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.6.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.7.0:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.7.0:beta1:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.7.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.7.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.8.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.8.1:*:*:*:*:mongodb:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T19:25:24.875879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T19:38:21.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:03.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jira.mongodb.org/browse/RUST-1881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mongodb:rust-driver:2.0.0:alpha:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:alpha1:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:beta1:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:beta2:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:beta3:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.2:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.1.0:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.1.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.2.0:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.2.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.2.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.2.2:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.2.3:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.3.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.3.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.4.0:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.4.0:beta2:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.4.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.5.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.6.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.6.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.7.0:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.7.0:beta1:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.7.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.7.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.8.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.8.1:*:*:*:*:mongodb:*:*"
],
"defaultStatus": "unaffected",
"product": "MongoDB Rust Driver",
"vendor": "MongoDB Inc",
"versions": [
{
"lessThan": "2.8.2",
"status": "affected",
"version": "2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-07-02T17:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIncorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2\u003c/p\u003e"
}
],
"value": "Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-228",
"description": "CWE-228: Improper Handling of Syntactically Invalid Structure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T17:17:50.237Z",
"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"shortName": "mongodb"
},
"references": [
{
"url": "https://jira.mongodb.org/browse/RUST-1881"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"assignerShortName": "mongodb",
"cveId": "CVE-2024-6382",
"datePublished": "2024-07-02T17:17:50.237Z",
"dateReserved": "2024-06-27T08:37:36.558Z",
"dateUpdated": "2024-08-01T21:41:03.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6382 (GCVE-0-2024-6382)
Vulnerability from cvelistv5 – Published: 2024-07-02 17:17 – Updated: 2024-08-01 21:41
VLAI?
Title
Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.
Summary
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2
Severity ?
6.4 (Medium)
CWE
- CWE-228 - Improper Handling of Syntactically Invalid Structure
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MongoDB Inc | MongoDB Rust Driver |
Affected:
2.0 , < 2.8.2
(custom)
cpe:2.3:a:mongodb:rust-driver:2.0.0:alpha:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:alpha1:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:beta1:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:beta2:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:beta3:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.2:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.1.0:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.1.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.2.0:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.2.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.2.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.2.2:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.2.3:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.3.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.3.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.4.0:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.4.0:beta2:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.4.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.5.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.6.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.6.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.7.0:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.7.0:beta1:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.7.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.7.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.8.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.8.1:*:*:*:*:mongodb:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T19:25:24.875879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T19:38:21.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:03.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jira.mongodb.org/browse/RUST-1881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mongodb:rust-driver:2.0.0:alpha:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:alpha1:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:beta1:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:beta2:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:beta3:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.2:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.1.0:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.1.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.2.0:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.2.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.2.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.2.2:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.2.3:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.3.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.3.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.4.0:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.4.0:beta2:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.4.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.5.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.6.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.6.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.7.0:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.7.0:beta1:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.7.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.7.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.8.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.8.1:*:*:*:*:mongodb:*:*"
],
"defaultStatus": "unaffected",
"product": "MongoDB Rust Driver",
"vendor": "MongoDB Inc",
"versions": [
{
"lessThan": "2.8.2",
"status": "affected",
"version": "2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-07-02T17:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIncorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2\u003c/p\u003e"
}
],
"value": "Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-228",
"description": "CWE-228: Improper Handling of Syntactically Invalid Structure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T17:17:50.237Z",
"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"shortName": "mongodb"
},
"references": [
{
"url": "https://jira.mongodb.org/browse/RUST-1881"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"assignerShortName": "mongodb",
"cveId": "CVE-2024-6382",
"datePublished": "2024-07-02T17:17:50.237Z",
"dateReserved": "2024-06-27T08:37:36.558Z",
"dateUpdated": "2024-08-01T21:41:03.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}