CVE-2020-27195
CRITICAL 9.1 | EPSS 0.31% | Use After Free in HashiCorp Nomad
Published: 2022/2/15 | Modified: 2024/8/21
Description
In HashiCorp Nomad and Nomad Enterprise versions 0.9.0 up to 0.12.5, the client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6.
Affected packages (2)
- Go/github.com/hashicorp/nomad: >= 0.9.0, < 0.10.6
- Go/github.com/hashicorp/nomad: >= 0.9.0, < 0.10.6; >= 0.11.0, < 0.11.5; >= 0.12.0, < 0.12.6
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
References (7)
- ADVISORY: https://github.com/advisories/GHSA-77cr-6gr8-7rr9
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2020-27195
- PATCH: https://pkg.go.dev/github.com/hashicorp/nomad/client/allocrunner/taskrunner/template
- WEB: https://github.com/hashicorp/nomad/blob/master/CHANGELOG.md#0126-october-21-2020
- WEB: https://github.com/hashicorp/nomad/issues/9129
- WEB: https://github.com/hashicorp/nomad/pull/9139
- WEB: https://www.nomadproject.io/downloads