CVE-2020-13250

HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4.
References
Link Resource
https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md Release Notes Third Party Advisory
https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md Release Notes Third Party Advisory
https://github.com/hashicorp/consul/pull/8023 Patch Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*

History

No history.

Information

Published : 2020-06-11 20:15

Updated : 2024-02-04 21:00


NVD link : CVE-2020-13250

Mitre link : CVE-2020-13250

CVE.ORG link : CVE-2020-13250


JSON object : View

Products Affected

hashicorp

  • consul
CWE
CWE-770

Allocation of Resources Without Limits or Throttling