Mongodump 100.6.0 has CVE-2022-32149

mongodump 100.6.0 has CVE-2022-32149.
in which version it was fixed ?

also, the mongorestore has the same vulnerability. can you pleas share the version in which the issue was not present

Hello @Sri_Sai_Ram_Akam ,

Welcome back to The MongoDB Community Forums! :wave:

Please upgrade your database tools to latest version 100.7.3 via Download Database Tools.

The new version includes bug fixes as well as improvements, let me know if you face any issues.
I will be happy to help you.


Hi @Tarun_Gaur, Thank you for your reply. But I want to know in which database tools version the go version was updated? and the vulnerability is resolved?
That would be more clear and appropriate to which version we can update.

Hello @Sri_Sai_Ram_Akam ,

As per my understanding, CVE-2022-32149 does not affect the Database tools.

In case you face any issues or have any queries, kindly feel free to post a new thread, will be happy to help you! :slightly_smiling_face:


Hi @Tarun_Gaur
My concern is the Database tools 100.6.0 is built on GO version 1.17.10
which has the vulnerability CVE-2022-32149.
I think that should also affect the mongodump and mongorestore which we are using .
Kindly help with this.

mongodump --version
mongodump version: 100.6.0
git version: 1d46e6e7021f2f5668763dba624e34bb39208cb0
Go version: go1.17.10
os: windows
arch: amd64
compiler: gc

Hello @Sri_Sai_Ram_Akam ,

I got a confirmation from the team that CVE-2022-32149 does not affect the database tools.

Also, you can download our latest release from our Download Center that is Database Tools version 100.7.4 which is built upon Go version 1.19. Please refer Database Tools Changelog for more information.


1 Like