CVE-2020-27195 github.com/hashicorp/nomad

Package

Manager: go
Name: github.com/hashicorp/nomad
Vulnerable Version: >=0.9.0 <0.10.6 || >=0.11.0 <0.11.5 || >=0.12.0 <0.12.6

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0036 (percentile: 0.57447)

Details

Use After Free in HashiCorp Nomad

In HashiCorp Nomad and Nomad Enterprise versions 0.9.0 up to 0.12.5, the client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6.

Metadata

Created: 2022-02-15T01:57:18Z
Modified: 2023-10-02T15:17:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-77cr-6gr8-7rr9/GHSA-77cr-6gr8-7rr9.json
CWE IDs: ["CWE-416"]
Alternative ID: GHSA-77cr-6gr8-7rr9
Finding: F138
Auto approve: 1