{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6382", "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "state": "PUBLISHED", "assignerShortName": "mongodb", "dateReserved": "2024-06-27T08:37:36.558Z", "datePublished": "2024-07-02T17:17:50.237Z", "dateUpdated": "2024-08-01T21:41:03.220Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:mongodb:rust-driver:2.0.0:alpha:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.0.0:alpha1:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.0.0:beta:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.0.0:beta1:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.0.0:beta2:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.0.0:beta3:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.0.0:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.0.1:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.0.2:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.1.0:beta:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.1.0:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.2.0:beta:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.2.0:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.2.1:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.2.2:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.2.3:beta:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.3.0:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.3.1:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.4.0:beta:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.4.0:beta2:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.4.0:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.5.0:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.6.0:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.6.1:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.7.0:beta:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.7.0:beta1:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.7.0:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.7.1:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.8.0:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.8.1:*:*:*:*:mongodb:*:*"], "defaultStatus": "unaffected", "product": "MongoDB Rust Driver", "vendor": "MongoDB Inc", "versions": [{"lessThan": "2.8.2", "status": "affected", "version": "2.0", "versionType": "custom"}]}], "datePublic": "2024-07-02T17:17:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2</p>"}], "value": "Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-228", "description": "CWE-228: Improper Handling of Syntactically Invalid Structure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "shortName": "mongodb", "dateUpdated": "2024-07-02T17:17:50.237Z"}, "references": [{"url": "https://jira.mongodb.org/browse/RUST-1881"}], "source": {"discovery": "EXTERNAL"}, "title": "Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-02T19:25:24.875879Z", "id": "CVE-2024-6382", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T19:38:21.077Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:41:03.220Z"}, "title": "CVE Program Container", "references": [{"url": "https://jira.mongodb.org/browse/RUST-1881", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://jira.mongodb.org/browse/RUST-1881", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:41:03.220Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6382", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-02T19:25:24.875879Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T19:38:17.316Z"}}], "cna": {"title": "Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:mongodb:rust-driver:2.0.0:alpha:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.0.0:alpha1:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.0.0:beta:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.0.0:beta1:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.0.0:beta2:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.0.0:beta3:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.0.0:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.0.1:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.0.2:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.1.0:beta:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.1.0:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.2.0:beta:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.2.0:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.2.1:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.2.2:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.2.3:beta:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.3.0:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.3.1:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.4.0:beta:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.4.0:beta2:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.4.0:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.5.0:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.6.0:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.6.1:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.7.0:beta:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.7.0:beta1:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.7.0:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.7.1:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.8.0:*:*:*:*:mongodb:*:*", "cpe:2.3:a:mongodb:rust-driver:2.8.1:*:*:*:*:mongodb:*:*"], "vendor": "MongoDB Inc", "product": "MongoDB Rust Driver", "versions": [{"status": "affected", "version": "2.0", "lessThan": "2.8.2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2024-07-02T17:17:00.000Z", "references": [{"url": "https://jira.mongodb.org/browse/RUST-1881"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2", "supportingMedia": [{"type": "text/html", "value": "<p>Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-228", "description": "CWE-228: Improper Handling of Syntactically Invalid Structure"}]}], "providerMetadata": {"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "shortName": "mongodb", "dateUpdated": "2024-07-02T17:17:50.237Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6382", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:41:03.220Z", "dateReserved": "2024-06-27T08:37:36.558Z", "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "datePublished": "2024-07-02T17:17:50.237Z", "assignerShortName": "mongodb"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mongodb:rust_driver:*:*:*:*:*:mongodb:*:*", "matchCriteriaId": "4A0DC731-594D-402E-BDF6-650A7A8FBC80", "versionEndExcluding": "2.8.2", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2"}, {"lang": "es", "value": "El manejo incorrecto de ciertas entradas de cadenas puede provocar que el controlador MongoDB Rust cree comandos de servidor no deseados. Esto puede provocar un comportamiento inesperado de la aplicaci\u00f3n, incluida la modificaci\u00f3n de datos. Este problema afecta a las versiones MongoDB Rust Driver 2.0 anteriores a la 2.8.2"}], "id": "CVE-2024-6382", "lastModified": "2025-10-02T13:48:26.653", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "cna@mongodb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-02T18:15:04.337", "references": [{"source": "cna@mongodb.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.mongodb.org/browse/RUST-1881"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.mongodb.org/browse/RUST-1881"}], "sourceIdentifier": "cna@mongodb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-228"}], "source": "cna@mongodb.com", "type": "Secondary"}]}

{}

{}