ByteOS Network

NVD Vulnerability Details :

CVE-2024-6382

Analyzed

Source-cna@mongodb.com

Published At-02 Jul, 2024 | 18:15

Updated At-02 Oct, 2025 | 13:48

Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 6.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Type: Primary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CPE Matches

MongoDB, Inc.

>>rust_driver>>Versions from 2.0.0(inclusive) to 2.8.2(exclusive)

cpe:2.3:a:mongodb:rust_driver:*:*:*:*:*:mongodb:*:*

Weaknesses

CWE ID	Type	Source
CWE-228	Secondary	cna@mongodb.com

CWE ID: CWE-228

Type: Secondary

Source: cna@mongodb.com

References

Hyperlink	Source	Resource
https://jira.mongodb.org/browse/RUST-1881	cna@mongodb.com	Issue Tracking Vendor Advisory
https://jira.mongodb.org/browse/RUST-1881	af854a3a-2127-422b-91ae-364da2661108	Issue Tracking Vendor Advisory

Hyperlink: https://jira.mongodb.org/browse/RUST-1881

Source: cna@mongodb.com

Resource:

Issue Tracking

Vendor Advisory

Hyperlink: https://jira.mongodb.org/browse/RUST-1881

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Issue Tracking

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History