Mongodb .Net/C# Driver

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:mongodb_inc:mongodb_.net/c#_driver:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorMongodb Inc (9ab524e9-2bd0-5ee5-96be-506a074e6407)
ProductMongodb .Net/C# Driver (b24f8244-9654-5376-8272-659dfea879fe)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2022-48282 vulnerable 2026-06-08 05:50:41.792895 Deserializing compromised object with MongoDB .NET/C# Driver may cause remote code execution
MEDIUM (6.6)
Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C#. This affects all MongoDB .NET/C# Driver versions prior to and including v2.18.0 Following configuration must be true for the vulnerability to be applicable: * Application must written in C# taking arbitrary data from users and serializing data using _t without any validation AND * Application must be running on a Windows host using the full .NET Framework, not .NET Core AND * Application must have domain model class with a property/field explicitly of type System.Object or a collection of type System.Object (against MongoDB best practice) AND * Malicious attacker must have unrestricted insert access to target database to add a _t discriminator."Following configuration must be true for the vulnerability to be applicable
Published: 2023-02-21T18:35:11.643Z
Updated: 2025-03-11T19:20:08.556Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.