CVE-2020-13250 – github.com/hashicorp/consul

Package

Manager: go
Name: github.com/hashicorp/consul
Vulnerable Version: >=1.2.0 <1.6.6 || >=1.7.0 <1.7.4

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00408 pctl0.60361

Details

Allocation of Resources Without Limits or Throttling in Hashicorp Consul HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. ### Specific Go Packages Affected github.com/hashicorp/consul/agent/config ### Fix The vulnerability is fixed in versions 1.6.6 and 1.7.4.

Metadata

Created: 2021-05-18T18:21:35Z
Modified: 2023-10-02T14:01:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-rqjq-mrgx-85hp/GHSA-rqjq-mrgx-85hp.json
CWE IDs: ["CWE-770"]
Alternative ID: GHSA-rqjq-mrgx-85hp
Finding: F002
Auto approve: 1