Uploaded image for project: 'MongoDB Database Tools'
  1. MongoDB Database Tools
  2. TOOLS-3313

CVE with bsondump

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Works as Designed
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • Labels:
      None

      Problem Statement/Rationale

      bsondump appears to be relying on Golang 1.19.6 which is susceptible for CVE https://nvd.nist.gov/vuln/detail/CVE-2023-24540

       

      UHG is a large POD customer that uses docker images extensively in their local development (as part of docker compose). Recently their security team has been being more restrictive and has started to block some images due to this and other CVE's.  

      Steps to Reproduce

      CVE link provides details for to validate the error.

      Expected Results

      Update bsondump to use Golang that has been patched against this CVE. This also needs to then be updated in the official docker images for Enterprise Advanced so that it can pass security screenings. 

      Actual Results

      What do you observe is happening?

      Additional Notes

      Any additional information that may be useful to include.

            Assignee:
            Unassigned Unassigned
            Reporter:
            josh.smith@mongodb.com Josh Smith
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: