HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4.
References
Link | Resource |
---|---|
https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md | Release Notes Third Party Advisory |
https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md | Release Notes Third Party Advisory |
https://github.com/hashicorp/consul/pull/8023 | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2020-06-11 13:15
Updated : 2021-07-21 04:39
NVD link : CVE-2020-13250
Mitre link : CVE-2020-13250
JSON object : View
CWE
CWE-770
Allocation of Resources Without Limits or Throttling
Products Affected
hashicorp
- consul