CVE-2024-6382

MEDIUM

MongoDB Rust Driver <2.8.2 - Code Injection

Title source: llm

Description

Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2

References (1)

[Issue Tracking, Vendor Advisory] https://jira.mongodb.org/browse/RUST-1881

Scores

CVSS v3 6.4

EPSS 0.0011

EPSS Percentile 29.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-228

Status published

Products (2)

crates.io/mongodb 2.0.0 - 2.8.2crates.io

mongodb/rust_driver 2.0.0 - 2.8.2

Published Jul 02, 2024

Tracked Since Feb 18, 2026