GHSA-rqjq-mrgx-85hp

Source

https://github.com/advisories/GHSA-rqjq-mrgx-85hp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-rqjq-mrgx-85hp/GHSA-rqjq-mrgx-85hp.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-rqjq-mrgx-85hp

Aliases

Published

2021-05-18T18:21:35Z

Modified

2024-08-21T15:58:49.598835Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Allocation of Resources Without Limits or Throttling in Hashicorp Consul

Details

HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service.

Specific Go Packages Affected

github.com/hashicorp/consul/agent/config

Fix

The vulnerability is fixed in versions 1.6.6 and 1.7.4.

Database specific

{
    "nvd_published_at": "2020-06-11T20:15:00Z",
    "cwe_ids": [
        "CWE-770"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-12T22:00:34Z"
}

References

Affected packages

Go / github.com/hashicorp/consul

Package

Name: github.com/hashicorp/consul; View open source insights on deps.dev
Purl: pkg:golang/github.com/hashicorp/consul

Affected ranges

Type: SEMVER
Events: Introduced

1.2.0

Fixed

1.6.6

Go / github.com/hashicorp/consul

Package

Name: github.com/hashicorp/consul; View open source insights on deps.dev
Purl: pkg:golang/github.com/hashicorp/consul

Affected ranges

Type: SEMVER
Events: Introduced

1.7.0

Fixed

1.7.4