PyMongo 4.6.3 was a security release to address CVE-2024-5629.
An out-of-bounds read in the ‘bson’ module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.
We encourage all users to upgrade to PyMongo 4.6.3 or higher.