vulnerability

Amazon Linux 2023: CVE-2024-5629: Medium priority package update for python-pymongo

Severity
4
CVSS
(AV:N/AC:H/Au:N/C:P/I:N/A:P)
Published
Jun 5, 2024
Added
Mar 10, 2025
Modified
Jul 9, 2025

Description

An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.
A flaw was found in the bson module contained in the python-pymongo package. A malformed BSON file may trigger an exception, leading to a denial of service and eventually sensitive memory data exposure.

Solution(s)

amazon-linux-2023-upgrade-python3-bsonamazon-linux-2023-upgrade-python3-bson-debuginfoamazon-linux-2023-upgrade-python3-pymongoamazon-linux-2023-upgrade-python3-pymongo-debuginfoamazon-linux-2023-upgrade-python3-pymongo-gridfsamazon-linux-2023-upgrade-python-pymongo-debuginfoamazon-linux-2023-upgrade-python-pymongo-debugsourceamazon-linux-2023-upgrade-python-pymongo-doc
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.