20 matches found
CVE-2025-11695
When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Securi...
MongoDB Rust Driver has certificate validation disabled when `tlsInsecure=False` appears in connection string
When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5...
GHSA-3P6W-GV5G-XJW9 MongoDB Rust Driver has certificate validation disabled when `tlsInsecure=False` appears in connection string
When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5...
CVE-2025-11695
When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5...
CVE-2025-11695
CVE-2025-11695 affects the MongoDB Rust Driver prior to v3.2.5. The root cause is that using tlsInsecure=False in a connection string disables certificate validation, enabling potential man-in-the-middle attacks over the network. The vulnerability is characterized with HIGH severity (CVSS metrics...
CVE-2025-11695 Configuration may unexpectedly disable certificate validation
When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5...
Configuration may unexpectedly disable certificate validation
When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5...
MongoDB Rust Driver security vulnerability
MongoDB Rust Driver is a MongoDB open source client library that allows Rust programs to connect to MongoDB databases. A security vulnerability exists in MongoDB Rust Driver versions prior to v3.2.5 that stems from disabling certificate validation, which could lead to a man-in-the-middle attack...
PT-2025-41792
Name of the Vulnerable Software and Affected Versions: MongoDB Rust Driver versions prior to 3.2.5 Description: The MongoDB Rust Driver is affected by an issue where setting tlsInsecure=False in a connection string disables certificate validation. Normally, this parameter should enforce strict TLS...
EUVD-2024-47489
Malicious code in bioql PyPI...
EUVD-2022-2442
Malicious code in bioql PyPI...
GHSA-32JF-H775-G29H MongoDB Rust driver may issue unintended commands
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...
CVE-2024-6382
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...
CVE-2024-6382 Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...
CVE-2024-6382 Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...
Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...
PT-2024-6681 · Mongodb · Mongodb Rust Driver
Name of the Vulnerable Software and Affected Versions: MongoDB Rust Driver versions prior to 2.8.2 Description: The issue is related to incorrect handling of syntactically incorrect structures, which may result in the construction of unintended server commands. This could lead to unexpected...
CVE-2021-20332 MongoDB Rust Driver may publish events containing authentication-related data to a connection pool event listener configured by an application
Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpectedly leak the credential...
MongoDB information disclosure vulnerability
MongoDB is a document-oriented database management system from the U.S.-based MongoDB, Inc. An information disclosure vulnerability exists in the MongoDB Rust Driver that stems from the fact that specific MongoDB Rust Driver versions can contain credentials used by connection pools to validate...
PT-2021-13891 · Mongodb · Mongodb Rust Driver
Name of the Vulnerable Software and Affected Versions: MongoDB Rust Driver versions 1.0.0 through 1.2.1; MongoDB Rust Driver version 2.0.0-alpha; MongoDB Rust Driver version 2.0.0-alpha1 Description: The issue affects the MongoDB Rust Driver, where specific versions can include credentials used by...