logo

Database

Server side cross-site scripting In github.com/hashicorp/consul

Description

cross-site scripting

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2020-258642. NVD-2020-258643. OSV-2020-258644. OSV-DEBIAN-2020-258645. GCVE-2020-258646. security.gentoo.org7. SECURITY-TRACKER-CVE-2020-25864

References

1. https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/233682. https://www.hashicorp.com/blog/category/consul3. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-25864.yaml

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.