Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:golang/github.com/hashicorp/consul@1.7.4

Type golang

Namespace github.com/hashicorp

Name consul

Version 1.7.4

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.7.9

Latest_non_vulnerable_version 1.22.5

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2dmf-rj8w-xycm

vulnerability_id VCID-2dmf-rj8w-xycm

summary

Denial of Service (DoS) in HashiCorp Consul
HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4.
### Specific Go Packages Affected
github.com/hashicorp/consul/agent/consul/discoverychain

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-12758

reference_id

reference_type

scores

value	0.0063
scoring_system	epss
scoring_elements	0.70308
published_at	2026-04-21T12:55:00Z

value	0.0063
scoring_system	epss
scoring_elements	0.70225
published_at	2026-04-02T12:55:00Z

value	0.0063
scoring_system	epss
scoring_elements	0.70242
published_at	2026-04-04T12:55:00Z

value	0.0063
scoring_system	epss
scoring_elements	0.70219
published_at	2026-04-07T12:55:00Z

value	0.0063
scoring_system	epss
scoring_elements	0.70265
published_at	2026-04-08T12:55:00Z

value	0.0063
scoring_system	epss
scoring_elements	0.7028
published_at	2026-04-09T12:55:00Z

value	0.0063
scoring_system	epss
scoring_elements	0.70304
published_at	2026-04-11T12:55:00Z

value	0.0063
scoring_system	epss
scoring_elements	0.70289
published_at	2026-04-12T12:55:00Z

value	0.0063
scoring_system	epss
scoring_elements	0.70276
published_at	2026-04-13T12:55:00Z

value	0.0063
scoring_system	epss
scoring_elements	0.70317
published_at	2026-04-16T12:55:00Z

value	0.0063
scoring_system	epss
scoring_elements	0.70326
published_at	2026-04-18T12:55:00Z

value	0.0063
scoring_system	epss
scoring_elements	0.70212
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-12758

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12758
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12758

reference_url

https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md

reference_url

https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md

reference_url

https://github.com/hashicorp/consul/commit/69b44fb9424cfdc05f1b7243876ab10d236ef1fc

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/consul/commit/69b44fb9424cfdc05f1b7243876ab10d236ef1fc

reference_url

https://github.com/hashicorp/consul/pull/7783

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/consul/pull/7783

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-12758

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-12758

fixed_packages

url	pkg:golang/github.com/hashicorp/consul@1.6.6
purl	pkg:golang/github.com/hashicorp/consul@1.6.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/consul@1.6.6

url	pkg:golang/github.com/hashicorp/consul@1.7.4
purl	pkg:golang/github.com/hashicorp/consul@1.7.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/consul@1.7.4

aliases CVE-2020-12758, GHSA-q2qr-3c2p-9235

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2dmf-rj8w-xycm

url VCID-cqzz-az3e-kych

vulnerability_id VCID-cqzz-az3e-kych

summary

Improper Input Validation in HashiCorp Consul
HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.
### Specific Go Packages Affected
github.com/hashicorp/consul/agent

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13170

reference_id

reference_type

scores

value	0.00514
scoring_system	epss
scoring_elements	0.66589
published_at	2026-04-21T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66519
published_at	2026-04-02T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66544
published_at	2026-04-04T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66515
published_at	2026-04-07T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66564
published_at	2026-04-08T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66578
published_at	2026-04-09T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66597
published_at	2026-04-11T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66585
published_at	2026-04-12T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66553
published_at	2026-04-13T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66588
published_at	2026-04-16T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66606
published_at	2026-04-18T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.6648
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13170

reference_url

https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md

reference_url

https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md

reference_url

https://github.com/hashicorp/consul/commit/242994a016a181d6c62a5bb83189716ad13d4216

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/consul/commit/242994a016a181d6c62a5bb83189716ad13d4216

reference_url

https://github.com/hashicorp/consul/pull/8068

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/consul/pull/8068

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13170

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13170

fixed_packages

url	pkg:golang/github.com/hashicorp/consul@1.6.6
purl	pkg:golang/github.com/hashicorp/consul@1.6.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/consul@1.6.6

url	pkg:golang/github.com/hashicorp/consul@1.7.4
purl	pkg:golang/github.com/hashicorp/consul@1.7.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/consul@1.7.4

aliases CVE-2020-13170, GHSA-p2j5-3f4c-224r

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cqzz-az3e-kych

url VCID-jm2d-ejbf-qfhz

vulnerability_id VCID-jm2d-ejbf-qfhz

summary

Allocation of Resources Without Limits or Throttling in Hashicorp Consul
HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service.

### Specific Go Packages Affected
github.com/hashicorp/consul/agent/config

### Fix
The vulnerability is fixed in versions 1.6.6 and 1.7.4.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13250

reference_id

reference_type

scores

value	0.00867
scoring_system	epss
scoring_elements	0.75186
published_at	2026-04-21T12:55:00Z

value	0.00867
scoring_system	epss
scoring_elements	0.75109
published_at	2026-04-01T12:55:00Z

value	0.00867
scoring_system	epss
scoring_elements	0.75112
published_at	2026-04-02T12:55:00Z

value	0.00867
scoring_system	epss
scoring_elements	0.75142
published_at	2026-04-04T12:55:00Z

value	0.00867
scoring_system	epss
scoring_elements	0.75119
published_at	2026-04-07T12:55:00Z

value	0.00867
scoring_system	epss
scoring_elements	0.75153
published_at	2026-04-13T12:55:00Z

value	0.00867
scoring_system	epss
scoring_elements	0.75165
published_at	2026-04-12T12:55:00Z

value	0.00867
scoring_system	epss
scoring_elements	0.75187
published_at	2026-04-11T12:55:00Z

value	0.00867
scoring_system	epss
scoring_elements	0.7519
published_at	2026-04-16T12:55:00Z

value	0.00867
scoring_system	epss
scoring_elements	0.75197
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13250

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13250
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13250

reference_url

https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md

reference_url

https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md

reference_url

https://github.com/hashicorp/consul/commit/72f92ae7ca4cabc1dc3069362a9b64ef46941432

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/consul/commit/72f92ae7ca4cabc1dc3069362a9b64ef46941432

reference_url

https://github.com/hashicorp/consul/pull/8023

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/consul/pull/8023

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13250

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13250

fixed_packages

url	pkg:golang/github.com/hashicorp/consul@1.6.6
purl	pkg:golang/github.com/hashicorp/consul@1.6.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/consul@1.6.6

url	pkg:golang/github.com/hashicorp/consul@1.7.4
purl	pkg:golang/github.com/hashicorp/consul@1.7.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/consul@1.7.4

aliases CVE-2020-13250, GHSA-rqjq-mrgx-85hp

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jm2d-ejbf-qfhz

url VCID-th2f-96u1-syhg

vulnerability_id VCID-th2f-96u1-syhg

summary

Incorrect Permission Assignment for Critical Resource	in Hashicorp Consul
HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.
### Specific Go Packages Affected
github.com/hashicorp/consul/agent/structs

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-12797

reference_id

reference_type

scores

value	0.00407
scoring_system	epss
scoring_elements	0.61173
published_at	2026-04-21T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61023
published_at	2026-04-01T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61101
published_at	2026-04-02T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61129
published_at	2026-04-04T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61095
published_at	2026-04-07T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61143
published_at	2026-04-08T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61158
published_at	2026-04-09T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61178
published_at	2026-04-11T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61165
published_at	2026-04-12T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61146
published_at	2026-04-13T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61186
published_at	2026-04-16T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61192
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-12797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12797

reference_url

https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md

reference_url

https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md

reference_url

https://github.com/hashicorp/consul/commit/98eea08d3ba1b220a14cf6eedf3b6b07ae2795d7

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/consul/commit/98eea08d3ba1b220a14cf6eedf3b6b07ae2795d7

reference_url

https://github.com/hashicorp/consul/issues/5606

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/consul/issues/5606

reference_url

https://github.com/hashicorp/consul/pull/8047

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/consul/pull/8047

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-12797

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-12797

fixed_packages

url	pkg:golang/github.com/hashicorp/consul@1.6.6
purl	pkg:golang/github.com/hashicorp/consul@1.6.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/consul@1.6.6

url	pkg:golang/github.com/hashicorp/consul@1.7.4
purl	pkg:golang/github.com/hashicorp/consul@1.7.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/consul@1.7.4

aliases CVE-2020-12797, GHSA-hwqm-x785-qh8p

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-th2f-96u1-syhg

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/consul@1.7.4

Package Instance