CVE-2020-13250
HIGH 7.5 | EPSS 0.87%
Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul
Published: 2021/5/18 | Modified: 2025/4/3
Description
HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4.
Affected packages (4)
- Bitnami/consul: >= 1.2.0, < 1.6.6, >= 1.7.0, < 1.7.4
- Debian/consul: from 0, < 1.7.4+dfsg1-1
- Go/github.com/hashicorp/consul: >= 1.2.0, < 1.6.6
- Go/github.com/hashicorp/consul: >= 1.2.0, < 1.6.6, >= 1.7.0, < 1.7.4
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (7)
- ADVISORY: https://github.com/advisories/GHSA-rqjq-mrgx-85hp
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2020-13250
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2020-13250
- WEB: https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
- WEB: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
- WEB: https://github.com/hashicorp/consul/commit/72f92ae7ca4cabc1dc3069362a9b64ef46941432
- WEB: https://github.com/hashicorp/consul/pull/8023