CVE-2024-3372: 
MongoDB vulnerability analysis and mitigation

A critical vulnerability (CVE-2024-3372) was discovered in MongoDB Server that affects multiple versions of the software. The vulnerability stems from improper validation of certain metadata input, which can result in incorrect BSON serialization. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14, and MongoDB Server v5.0 versions prior to 5.0.25 (MongoDB Jira).

The vulnerability is classified as an Improper Input Validation (CWE-20) issue. It has been assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The technical nature of the vulnerability involves the server's inability to correctly serialize BSON due to improper validation of metadata input (MongoDB Jira).

When exploited, this vulnerability can cause unexpected application behavior, including the unavailability of serverStatus responses. The impact is particularly significant as it can be triggered pre-authentication, potentially affecting system availability (MongoDB Jira).

Users are advised to upgrade to the patched versions: MongoDB Server 7.0.6, 6.0.14, or 5.0.25, depending on their current version. These releases contain fixes for the vulnerability (MongoDB Jira).