CVE-2020-13250

HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 05:00

Type Values Removed Values Added
References () https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md - Release Notes, Third Party Advisory () https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md - Release Notes, Third Party Advisory
References () https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md - Release Notes, Third Party Advisory () https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md - Release Notes, Third Party Advisory
References () https://github.com/hashicorp/consul/pull/8023 - Patch, Third Party Advisory () https://github.com/hashicorp/consul/pull/8023 - Patch, Third Party Advisory

Information

Published : 2020-06-11 20:15

Updated : 2024-11-21 05:00


NVD link : CVE-2020-13250

Mitre link : CVE-2020-13250

CVE.ORG link : CVE-2020-13250


JSON object : View

Products Affected

hashicorp

  • consul
CWE
CWE-770

Allocation of Resources Without Limits or Throttling