CVE-2024-6382: MongoDB Rust driver may issue unintended commands
(updated )
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2
References
- github.com/advisories/GHSA-32jf-h775-g29h
- github.com/mongodb/mongo-rust-driver
- github.com/mongodb/mongo-rust-driver/commit/8eac3bc6dc37a6d7667ed6c1a895c224e3ff47e1
- github.com/mongodb/mongo-rust-driver/commit/a3fe6c84ce6287348b1268f651fdac9fbed66187
- github.com/mongodb/mongo-rust-driver/pull/1045
- jira.mongodb.org/browse/RUST-1881
- nvd.nist.gov/vuln/detail/CVE-2024-6382
Code Behaviors & Features
Detect and mitigate CVE-2024-6382 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →