Uploaded image for project: 'Go Driver'
  1. Go Driver
  2. GODRIVER-2461

CVE-2021-38561 in golang.org/x/text

    XMLWordPrintableJSON

Details

    • Icon: Task Task
    • Resolution: Duplicate
    • Icon: Unknown Unknown
    • None
    • None
    • None
    • None

    Description

      We are getting scan hits on Mongo tools (bsondump, mongodump, mongoexport, mongofiles, mongoimport, mongorestore, mongostat, and mongotop) for CVE-2021-38561 affecting golang.org/x/text v0.3.5.

       

      This is fixed in golang.org/x/text v0.3.7

       

      golang.org/x/text v0.3.5 is brought in transitively by the driver which then gets it via github.com/xdg-go/stringprep v1.0.2

       

      github.com/xdg-go/stringprep v1.0.3 has been released specifically to address this CVE.

       

      Attachments

        Activity

          People

            matt.dale@mongodb.com Matt Dale
            bpfoster Ben Foster
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: