CGA-j75f-6qgr-x3rm

Published

Last updated

https://images.chainguard.dev/security/CGA-j75f-6qgr-x3rm

Package

kubeflow-pipelines-visualization-server

Latest Update

Fixed

Fixed Version

2.2.0-r0

Aliases

CVE-2024-5629
GHSA-m87m-mmvp-v9qm

Severity

4.7

Medium

CVSS V3

Summary

PyMongo Out-of-bounds Read in the bson module

Description

Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the following bytes are not printable UTF-8 the parser throws an exception with a single byte.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-5629
https://github.com/advisories/GHSA-m87m-mmvp-v9qm
https://github.com/mongodb/mongo-python-driver/commit/56b6b6dbc267d365d97c037082369dabf37405d2
https://gist.github.com/keltecc/62a7c2bf74a997d0a7b48a0ff3853a03
https://github.com/mongodb/mongo-python-driver
https://jira.mongodb.org/browse/PYTHON-4305
https://lists.debian.org/debian-lts-announce/2024/06/msg00007.html
https://security.snyk.io/vuln/SNYK-PYTHON-PYMONGO-6370597

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-j75f-6qgr-x3rm

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources