Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 1.4.2
Affects Version/s: 1.4.1
Component/s: Core API
Labels:
None

Confidence Status:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

The latest of the mongo-go-driver imports 2 packages which in turn import gopkg.in/yaml.v2-v2.2.2, this has a vulnerability identified in https://nvd.nist.gov/vuln/detail/CVE-2019-11254 and first exposed in the kubernetes API - https://github.com/kubernetes/kubernetes/issues/89535

The 2 packages are:

github.com/pelletier/go-toml@v1.4.0

github.com/stretchr/testify@v1.4.0

the current versions of both package are patched to a higher level of the yaml package.

Assignee:: Divjot Arora (Inactive)
Reporter:: Nicholas Beenham
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: Sep 10 2020 07:12:51 PM UTC
Updated:: Oct 28 2023 11:38:02 AM UTC
Resolved:: Sep 25 2020 08:33:36 PM UTC
Confidence Status Last Update:: 16/Sep/20 8:21 PM