Details
-
Task
-
Resolution: Duplicate
-
Unknown
-
None
-
None
-
None
-
None
Description
We are getting scan hits on Mongo tools (bsondump, mongodump, mongoexport, mongofiles, mongoimport, mongorestore, mongostat, and mongotop) for CVE-2021-38561 affecting golang.org/x/text v0.3.5.
This is fixed in golang.org/x/text v0.3.7
golang.org/x/text v0.3.5 is brought in transitively by the driver which then gets it via github.com/xdg-go/stringprep v1.0.2
github.com/xdg-go/stringprep v1.0.3 has been released specifically to address this CVE.
Attachments
Issue Links
- duplicates
-
GODRIVER-2447 Update golang.org/x/text to 0.3.7 or latest
-
- Closed
-