VulnerableCode Package Details - pkg:nuget/MongoDB.Driver@2.19.0

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-p2rj-sbjh-jyav	Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C#. This affects all MongoDB .NET/C# Driver versions prior to and including v2.18.0 Following configuration must be true for the vulnerability to be applicable: * Application must written in C# taking arbitrary data from users and serializing data using _t without any validation AND * Application must be running on a Windows host using the full .NET Framework, not .NET Core AND * Application must have domain model class with a property/field explicitly of type System.Object or a collection of type System.Object (against MongoDB best practice) AND * Malicious attacker must have unrestricted insert access to target database to add a _t discriminator."Following configuration must be true for the vulnerability to be applicable	CVE-2022-48282 GHSA-7j9m-j397-g4wx

Vulnerability

Summary

Aliases

VCID-p2rj-sbjh-jyav

Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C#. This affects all MongoDB .NET/C# Driver versions prior to and including v2.18.0 Following configuration must be true for the vulnerability to be applicable: * Application must written in C# taking arbitrary data from users and serializing data using _t without any validation AND * Application must be running on a Windows host using the full .NET Framework, not .NET Core AND * Application must have domain model class with a property/field explicitly of type System.Object or a collection of type System.Object (against MongoDB best practice) AND * Malicious attacker must have unrestricted insert access to target database to add a _t discriminator."Following configuration must be true for the vulnerability to be applicable

CVE-2022-48282
GHSA-7j9m-j397-g4wx

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T06:25:27.117944+00:00	GHSA Importer	Fixing	VCID-p2rj-sbjh-jyav	https://github.com/advisories/GHSA-7j9m-j397-g4wx	38.6.0
2026-06-12T15:45:35.374824+00:00	GitLab Importer	Fixing	VCID-p2rj-sbjh-jyav	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/MongoDB.Driver/CVE-2022-48282.yml	38.6.0
2026-06-12T07:58:10.696044+00:00	GithubOSV Importer	Fixing	VCID-p2rj-sbjh-jyav	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-7j9m-j397-g4wx/GHSA-7j9m-j397-g4wx.json	38.6.0