GHSA-77cr-6gr8-7rr9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-77cr-6gr8-7rr9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-77cr-6gr8-7rr9/GHSA-77cr-6gr8-7rr9.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-77cr-6gr8-7rr9
- Aliases
- Published
- 2022-02-15T01:57:18Z
- Modified
- 2024-08-21T15:58:55.006392Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- Use After Free in HashiCorp Nomad
- Details
-
HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6
- Database specific
{ "nvd_published_at": null, "github_reviewed_at": "2021-05-12T21:58:02Z", "cwe_ids": [ "CWE-416" ], "severity": "CRITICAL", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-27195
- https://github.com/hashicorp/nomad/issues/9129
- https://github.com/hashicorp/nomad/pull/9139
- https://github.com/hashicorp/nomad/blob/master/CHANGELOG.md#0126-october-21-2020
- https://pkg.go.dev/github.com/hashicorp/nomad/client/allocrunner/taskrunner/template
- https://www.nomadproject.io/downloads
Affected packages
Go / github.com/hashicorp/nomad
Package
- Name
- github.com/hashicorp/nomad
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/hashicorp/nomad
Go / github.com/hashicorp/nomad
Package
- Name
- github.com/hashicorp/nomad
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/hashicorp/nomad
Go / github.com/hashicorp/nomad
Package
- Name
- github.com/hashicorp/nomad
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/hashicorp/nomad