motor-3.1.2-py3-none-any.whl: 1 vulnerabilities (highest severity is: 4.7) #22
Description
Vulnerable Library - motor-3.1.2-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Vulnerabilities
| CVE | Severity |  CVSS |
Dependency | Type | Fixed in (motor version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2024-5629 |  Medium |
4.7 | pymongo-4.3.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl | Transitive | N/A* | ❌ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2024-5629
Vulnerable Library - pymongo-4.3.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Python driver for MongoDB
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
- motor-3.1.2-py3-none-any.whl (Root Library)
- ❌ pymongo-4.3.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)
Found in base branch: main
Vulnerability Details
An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.
Publish Date: 2024-06-05
URL: CVE-2024-5629
CVSS 3 Score Details (4.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-5629
Release Date: 2024-06-05
Fix Resolution: pymongo - 4.6.3
Step up your Open Source Security Game with Mend here