Open bpfoster opened 1 month ago
Describe the bug
mongodb_exporter v0.40.0 appears to be affected by critical CVE-2024-24790 aka GO-2024-2887 - a vulnerability in the Go stdlib.

To Reproduce
Steps to reproduce the behavior:

    govulncheck -mode binary mongodb_exporter

    Vulnerability #3: GO-2024-2887
        Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip
      More info: https://pkg.go.dev/vuln/GO-2024-2887
      Standard library
        Found in: net/netip@go1.21.3
        Fixed in: net/netip@go1.21.11
        Vulnerable symbols found:
          #1: netip.Addr.IsGlobalUnicast
          #2: netip.Addr.IsInterfaceLocalMulticast
          #3: netip.Addr.IsLinkLocalMulticast
          #4: netip.Addr.IsLoopback
          #5: netip.Addr.IsMulticast
          #6: netip.Addr.IsPrivate

Expected behavior
No critical vulnerabilities in the software.

Additional context
AFAIK all you need to do is recompile with a newer version of go (1.22.4+).
Hi @bpfoster, it will be fixed by a new release in the upcoming weeks.
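
The symbols govulncheck flags are the `netip.Addr` classification methods. The Go program below is an example added here, not code from this thread or from mongodb_exporter: it evaluates three of the flagged methods on an address as parsed and again after `Unmap()`, which strips the IPv4-mapped prefix so the answer is the same on patched and unpatched toolchains. `Verdict`, `isInternal`, `Classify` and the sample addresses are constructed for the example.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Verdict holds the classification of one address in both forms.
type Verdict struct {
	Raw        bool // Is* methods called on the address exactly as parsed
	Normalized bool // Is* methods called after Unmap() removed the ::ffff:0:0/96 prefix
}

// isInternal combines three of the methods listed in the govulncheck report.
// (Hypothetical helper: the policy "loopback, private or multicast" is an assumption.)
func isInternal(a netip.Addr) bool {
	return a.IsLoopback() || a.IsPrivate() || a.IsMulticast()
}

// Classify parses s and reports isInternal for the raw and the unmapped form.
// On toolchains older than the fixed releases, Raw can be false for an
// IPv4-mapped IPv6 address whose IPv4 form is internal; Normalized does not
// depend on the toolchain version.
func Classify(s string) (Verdict, error) {
	a, err := netip.ParseAddr(s)
	if err != nil {
		return Verdict{}, fmt.Errorf("parse %q: %w", s, err)
	}
	return Verdict{Raw: isInternal(a), Normalized: isInternal(a.Unmap())}, nil
}

func main() {
	// Constructed sample inputs, not taken from the issue.
	samples := []string{"127.0.0.1", "::ffff:127.0.0.1", "::ffff:10.1.2.3", "::ffff:8.8.8.8", "2001:db8::1"}
	for _, s := range samples {
		v, err := Classify(s)
		if err != nil {
			fmt.Println(err)
			continue
		}
		note := ""
		if v.Raw != v.Normalized {
			note = "  <- raw check disagrees: toolchain predates the fix"
		}
		fmt.Printf("%-20s raw=%-5t normalized=%-5t%s\n", s, v.Raw, v.Normalized, note)
	}
}
```

Code that makes allow/deny decisions from these methods should call `Unmap()` first (or reject 4-in-6 input via `Is4In6()`) so the result does not depend on which Go release built the binary.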