Loading...

XML

Word

Printable

JSON

Type: Question
Resolution: Unresolved
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

Tools and Replicator
Days in Current Status:
268

Our scanning indicates that the MongoDB Tools are affected by 3 (as of this writing) vulnerabilities in the Go stdlib:

CVE-2024-34158 (medium)
CVE-2024-34156 (high)
CVE-2024-34155 (medium)

These have been confirmed with govulncheck.

I see the tools are compiled using Go 1.21, which is no longer supported since Go 1.23 was released (2 months ago). Thus, you will need to upgrade Go to 1.22.7+, or 1.23.1+ to resolve these vulnerabilities.

is related to

TOOLS-3703 Upgrade to latest Go 1.24.x

Needs Scheduling

TOOLS-3702 Investigate why running govulncheck against a compiled binary appears to report issues related to our build code

Accepted

Assignee:: Unassigned
Reporter:: Ben Foster
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: Oct 24 2024 12:50:40 PM UTC
Updated:: Nov 04 2024 07:11:23 PM UTC

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates