GHSA-8xmx-h8rq-h94j

Suggest an improvement
Source
https://github.com/advisories/GHSA-8xmx-h8rq-h94j
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8xmx-h8rq-h94j/GHSA-8xmx-h8rq-h94j.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-8xmx-h8rq-h94j
Aliases
Published
2022-05-24T17:48:04Z
Modified
2024-06-21T08:12:22.920369Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
HashiCorp Consul Cross-site Scripting vulnerability
Details

HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14.

References

Affected packages

Go / github.com/hashicorp/consul

Package

Name
github.com/hashicorp/consul
View open source insights on deps.dev
Purl
pkg:golang/github.com/hashicorp/consul

Affected ranges

Type
SEMVER
Events
Introduced
1.9.0
Fixed
1.9.5

Go / github.com/hashicorp/consul

Package

Name
github.com/hashicorp/consul
View open source insights on deps.dev
Purl
pkg:golang/github.com/hashicorp/consul

Affected ranges

Type
SEMVER
Events
Introduced
1.8.0
Fixed
1.8.10

Go / github.com/hashicorp/consul

Package

Name
github.com/hashicorp/consul
View open source insights on deps.dev
Purl
pkg:golang/github.com/hashicorp/consul

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.14