Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Duplicate
Priority: Unknown
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Confidence Status:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Link:
None
Goal Name(s):
None

We are getting scan hits on Mongo tools (bsondump, mongodump, mongoexport, mongofiles, mongoimport, mongorestore, mongostat, and mongotop) for CVE-2021-38561 affecting golang.org/x/text v0.3.5.

This is fixed in golang.org/x/text v0.3.7

golang.org/x/text v0.3.5 is brought in transitively by the driver which then gets it via github.com/xdg-go/stringprep v1.0.2

github.com/xdg-go/stringprep v1.0.3 has been released specifically to address this CVE.

duplicates

GODRIVER-2447 Update golang.org/x/text to 0.3.7 or latest

Closed

Assignee:: Matt Dale
Reporter:: Ben Foster
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: Jun 16 2022 12:56:40 PM UTC
Updated:: Jun 27 2022 08:40:00 PM UTC
Resolved:: Jun 27 2022 08:40:00 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates