You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.
Vulnerable Library - pymongo-4.3.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Python driver for MongoDB
Library home page: https://files.pythonhosted.org/packages/93/da/d58cdba6e4c896300d1c939119c0911948a7edd94e10cc75048142e56160/pymongo-4.3.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /embedding/requirements.txt
Path to vulnerable library: /embedding/requirements.txt,/clustering/requirements.txt,/tracking/requirements.txt
Found in HEAD commit: f548525baaf6d16b6a6edc667027ce1b0516e50f
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2024-5629
Vulnerable Library - pymongo-4.3.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Python driver for MongoDB
Library home page: https://files.pythonhosted.org/packages/93/da/d58cdba6e4c896300d1c939119c0911948a7edd94e10cc75048142e56160/pymongo-4.3.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /embedding/requirements.txt
Path to vulnerable library: /embedding/requirements.txt,/clustering/requirements.txt,/tracking/requirements.txt
Dependency Hierarchy:
Found in HEAD commit: f548525baaf6d16b6a6edc667027ce1b0516e50f
Found in base branch: main
Vulnerability Details
An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.
Publish Date: 2024-06-05
URL: CVE-2024-5629
CVSS 3 Score Details (4.7)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-5629
Release Date: 2024-06-05
Fix Resolution: pymongo - 4.6.3
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: