Hello everyone,
We have encountered a vulnerability during our deployment. This GO vulnerability affects the components listed below.
Environment: Ubuntu 22.04.2 LTS (Jammy)
Package: MongoDB 6.0.4 MongoDB Repositories
Packages that have the vulnerability:
bsondump|1.19.3
mongodump|1.19.3
mongoexport|1.19.3
mongofiles|1.19.3
mongoimport|1.19.3
mongorestore|1.19.3
mongostat|1.19.3
mongotop|1.19.3
Upgrading these components to use GO 1.19.8 or higher should eliminate the vulnerability.
Does anyone know when the official Ubuntu repo will add a new stable release or a fix for this?
or
Is there any workaround that can disable the installation of these tools?
Thank you in advance.