GHSA-3382-r9q8-4hfg

Source

https://github.com/advisories/GHSA-3382-r9q8-4hfg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-3382-r9q8-4hfg/GHSA-3382-r9q8-4hfg.json

Aliases

CVE-2022-24685

Published

2022-03-01T00:00:28Z

Modified

2023-11-08T04:08:32.656806Z

Details

HashiCorp Nomad and Nomad Enterprise 1.x before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 is vulnerable to Allocation of Resources Without Limits or Throttling.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-24685
https://discuss.hashicorp.com
https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage
https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/35561
https://security.netapp.com/advisory/ntap-20220331-0007
github.com/hashicorp/nomad

Affected packages

Go / github.com/hashicorp/nomad

Package

Name: github.com/hashicorp/nomad

Affected ranges

Type: SEMVER
Events: Introduced

1.0.0

Fixed

1.0.17

Go / github.com/hashicorp/nomad

Package

Name: github.com/hashicorp/nomad

Affected ranges

Type: SEMVER
Events: Introduced

1.1.0

Fixed

1.1.12

Go / github.com/hashicorp/nomad

Package

Name: github.com/hashicorp/nomad

Affected ranges

Type: SEMVER
Events: Introduced

1.2.0

Fixed

1.2.6