5.2 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
7.1 High
AI Score
Confidence
Low
3.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
14.2%
Versions of the package pymongo before 4.6.3 are vulnerable to
Out-of-bounds Read in the bson module. Using the crafted payload the
attacker could force the parser to deserialize unmanaged memory. The parser
tries to interpret bytes next to buffer and throws an exception with
string. If the following bytes are not printable UTF-8 the parser throws an
exception with a single byte.
5.2 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
7.1 High
AI Score
Confidence
Low
3.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
14.2%