Pypi · Pymongo · CVE-2024-5629
**Name of the Vulnerable Software and Affected Versions**
PyMongo versions 4.6.2 and earlier
**Description**
The issue is related to an out-of-bounds read in the 'bson' module, allowing deserialization of malformed BSON provided by a server. This can lead to an exception that may contain arbitrary application memory, potentially revealing confidential information or causing a denial of service.
**Recommendations**
For PyMongo versions 4.6.2 and earlier, update to version 4.6.3 or later to resolve the issue.
As a temporary workaround, consider restricting the use of the 'bson' module until a patch is available.