Search criteria
2 vulnerabilities found for MongoDB Rust Driver by MongoDB Inc
CVE-2024-6382 (GCVE-0-2024-6382)
Vulnerability from cvelistv5 – Published: 2024-07-02 17:17 – Updated: 2024-08-01 21:41
VLAI
Title
Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.
Summary
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-228 - Improper Handling of Syntactically Invalid Structure
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MongoDB Inc | MongoDB Rust Driver |
Affected:
2.0 , < 2.8.2
(custom)
cpe:2.3:a:mongodb:rust-driver:2.0.0:alpha:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:alpha1:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:beta1:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:beta2:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:beta3:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.2:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.1.0:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.1.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.2.0:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.2.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.2.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.2.2:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.2.3:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.3.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.3.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.4.0:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.4.0:beta2:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.4.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.5.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.6.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.6.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.7.0:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.7.0:beta1:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.7.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.7.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.8.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.8.1:*:*:*:*:mongodb:*:* |
Date Public
2024-07-02 17:17
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T19:25:24.875879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T19:38:21.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:03.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jira.mongodb.org/browse/RUST-1881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mongodb:rust-driver:2.0.0:alpha:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:alpha1:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:beta1:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:beta2:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:beta3:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.2:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.1.0:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.1.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.2.0:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.2.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.2.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.2.2:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.2.3:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.3.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.3.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.4.0:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.4.0:beta2:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.4.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.5.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.6.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.6.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.7.0:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.7.0:beta1:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.7.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.7.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.8.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.8.1:*:*:*:*:mongodb:*:*"
],
"defaultStatus": "unaffected",
"product": "MongoDB Rust Driver",
"vendor": "MongoDB Inc",
"versions": [
{
"lessThan": "2.8.2",
"status": "affected",
"version": "2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-07-02T17:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIncorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2\u003c/p\u003e"
}
],
"value": "Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-228",
"description": "CWE-228: Improper Handling of Syntactically Invalid Structure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T17:17:50.237Z",
"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"shortName": "mongodb"
},
"references": [
{
"url": "https://jira.mongodb.org/browse/RUST-1881"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"assignerShortName": "mongodb",
"cveId": "CVE-2024-6382",
"datePublished": "2024-07-02T17:17:50.237Z",
"dateReserved": "2024-06-27T08:37:36.558Z",
"dateUpdated": "2024-08-01T21:41:03.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6382 (GCVE-0-2024-6382)
Vulnerability from nvd – Published: 2024-07-02 17:17 – Updated: 2024-08-01 21:41
VLAI
Title
Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.
Summary
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-228 - Improper Handling of Syntactically Invalid Structure
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MongoDB Inc | MongoDB Rust Driver |
Affected:
2.0 , < 2.8.2
(custom)
cpe:2.3:a:mongodb:rust-driver:2.0.0:alpha:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:alpha1:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:beta1:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:beta2:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:beta3:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.0.2:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.1.0:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.1.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.2.0:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.2.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.2.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.2.2:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.2.3:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.3.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.3.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.4.0:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.4.0:beta2:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.4.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.5.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.6.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.6.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.7.0:beta:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.7.0:beta1:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.7.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.7.1:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.8.0:*:*:*:*:mongodb:*:* cpe:2.3:a:mongodb:rust-driver:2.8.1:*:*:*:*:mongodb:*:* |
Date Public
2024-07-02 17:17
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T19:25:24.875879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T19:38:21.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:03.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jira.mongodb.org/browse/RUST-1881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mongodb:rust-driver:2.0.0:alpha:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:alpha1:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:beta1:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:beta2:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:beta3:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.0.2:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.1.0:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.1.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.2.0:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.2.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.2.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.2.2:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.2.3:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.3.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.3.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.4.0:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.4.0:beta2:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.4.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.5.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.6.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.6.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.7.0:beta:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.7.0:beta1:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.7.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.7.1:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.8.0:*:*:*:*:mongodb:*:*",
"cpe:2.3:a:mongodb:rust-driver:2.8.1:*:*:*:*:mongodb:*:*"
],
"defaultStatus": "unaffected",
"product": "MongoDB Rust Driver",
"vendor": "MongoDB Inc",
"versions": [
{
"lessThan": "2.8.2",
"status": "affected",
"version": "2.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-07-02T17:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIncorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2\u003c/p\u003e"
}
],
"value": "Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-228",
"description": "CWE-228: Improper Handling of Syntactically Invalid Structure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T17:17:50.237Z",
"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"shortName": "mongodb"
},
"references": [
{
"url": "https://jira.mongodb.org/browse/RUST-1881"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"assignerShortName": "mongodb",
"cveId": "CVE-2024-6382",
"datePublished": "2024-07-02T17:17:50.237Z",
"dateReserved": "2024-06-27T08:37:36.558Z",
"dateUpdated": "2024-08-01T21:41:03.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}