Lookup for vulnerable packages by Package URL.

Purl pkg:ebuild/app-admin/consul@1.9.17
Type ebuild
Namespace app-admin
Name consul
Version 1.9.17
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1.15.10
Latest_non_vulnerable_version 1.15.10
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-65ru-yj23-qqbr
vulnerability_id VCID-65ru-yj23-qqbr
summary
HashiCorp Consul L7 deny intention results in an allow action
In HashiCorp Consul before 1.10.1 (and Consul Enterprise), xds can generate a situation where a single L7 deny intention (with a default deny policy) results in an allow action.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36213
reference_id
reference_type
scores
0
value 0.00765
scoring_system epss
scoring_elements 0.73478
published_at 2026-04-21T12:55:00Z
1
value 0.00765
scoring_system epss
scoring_elements 0.73383
published_at 2026-04-01T12:55:00Z
2
value 0.00765
scoring_system epss
scoring_elements 0.73392
published_at 2026-04-02T12:55:00Z
3
value 0.00765
scoring_system epss
scoring_elements 0.73414
published_at 2026-04-04T12:55:00Z
4
value 0.00765
scoring_system epss
scoring_elements 0.73387
published_at 2026-04-07T12:55:00Z
5
value 0.00765
scoring_system epss
scoring_elements 0.73424
published_at 2026-04-08T12:55:00Z
6
value 0.00765
scoring_system epss
scoring_elements 0.73437
published_at 2026-04-09T12:55:00Z
7
value 0.00765
scoring_system epss
scoring_elements 0.73461
published_at 2026-04-11T12:55:00Z
8
value 0.00765
scoring_system epss
scoring_elements 0.7344
published_at 2026-04-12T12:55:00Z
9
value 0.00765
scoring_system epss
scoring_elements 0.73433
published_at 2026-04-13T12:55:00Z
10
value 0.00765
scoring_system epss
scoring_elements 0.73475
published_at 2026-04-16T12:55:00Z
11
value 0.00765
scoring_system epss
scoring_elements 0.73484
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36213
1
reference_url https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855
2
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
3
reference_url https://github.com/hashicorp/consul/releases/tag/v1.10.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/releases/tag/v1.10.1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-36213
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-36213
5
reference_url https://security.gentoo.org/glsa/202208-09
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-09
6
reference_url https://www.hashicorp.com/blog/category/consul
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.hashicorp.com/blog/category/consul
7
reference_url https://security.archlinux.org/ASA-202107-69
reference_id ASA-202107-69
reference_type
scores
url https://security.archlinux.org/ASA-202107-69
8
reference_url https://security.archlinux.org/AVG-2171
reference_id AVG-2171
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2171
fixed_packages
0
url pkg:ebuild/app-admin/consul@1.9.17
purl pkg:ebuild/app-admin/consul@1.9.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/consul@1.9.17
aliases CVE-2021-36213, GHSA-8h2g-r292-j8xh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65ru-yj23-qqbr
1
url VCID-ftvt-9nb3-xue3
vulnerability_id VCID-ftvt-9nb3-xue3
summary Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25864.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25864.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25864
reference_id
reference_type
scores
0
value 0.8334
scoring_system epss
scoring_elements 0.99275
published_at 2026-04-21T12:55:00Z
1
value 0.8334
scoring_system epss
scoring_elements 0.99274
published_at 2026-04-12T12:55:00Z
2
value 0.8334
scoring_system epss
scoring_elements 0.99273
published_at 2026-04-13T12:55:00Z
3
value 0.84021
scoring_system epss
scoring_elements 0.99304
published_at 2026-04-08T12:55:00Z
4
value 0.84021
scoring_system epss
scoring_elements 0.99306
published_at 2026-04-11T12:55:00Z
5
value 0.84021
scoring_system epss
scoring_elements 0.99298
published_at 2026-04-02T12:55:00Z
6
value 0.84021
scoring_system epss
scoring_elements 0.99301
published_at 2026-04-04T12:55:00Z
7
value 0.84021
scoring_system epss
scoring_elements 0.99305
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25864
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25864
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25864
3
reference_url https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368
4
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25864
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25864
6
reference_url https://security.gentoo.org/glsa/202208-09
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-09
7
reference_url https://www.hashicorp.com/blog/category/consul
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.hashicorp.com/blog/category/consul
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1950275
reference_id 1950275
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1950275
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987351
reference_id 987351
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987351
10
reference_url https://security.archlinux.org/AVG-1829
reference_id AVG-1829
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1829
fixed_packages
0
url pkg:ebuild/app-admin/consul@1.9.17
purl pkg:ebuild/app-admin/consul@1.9.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/consul@1.9.17
aliases CVE-2020-25864, GHSA-8xmx-h8rq-h94j
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ftvt-9nb3-xue3
2
url VCID-gsqu-g2y4-a7ap
vulnerability_id VCID-gsqu-g2y4-a7ap
summary
Privilege Escalation in HashiCorp Consul
HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28053
reference_id
reference_type
scores
0
value 0.00257
scoring_system epss
scoring_elements 0.49077
published_at 2026-04-21T12:55:00Z
1
value 0.00257
scoring_system epss
scoring_elements 0.49004
published_at 2026-04-01T12:55:00Z
2
value 0.00257
scoring_system epss
scoring_elements 0.49039
published_at 2026-04-02T12:55:00Z
3
value 0.00257
scoring_system epss
scoring_elements 0.49068
published_at 2026-04-04T12:55:00Z
4
value 0.00257
scoring_system epss
scoring_elements 0.49021
published_at 2026-04-07T12:55:00Z
5
value 0.00257
scoring_system epss
scoring_elements 0.49075
published_at 2026-04-08T12:55:00Z
6
value 0.00257
scoring_system epss
scoring_elements 0.49071
published_at 2026-04-09T12:55:00Z
7
value 0.00257
scoring_system epss
scoring_elements 0.49088
published_at 2026-04-11T12:55:00Z
8
value 0.00257
scoring_system epss
scoring_elements 0.4906
published_at 2026-04-12T12:55:00Z
9
value 0.00257
scoring_system epss
scoring_elements 0.49067
published_at 2026-04-13T12:55:00Z
10
value 0.00257
scoring_system epss
scoring_elements 0.49112
published_at 2026-04-16T12:55:00Z
11
value 0.00257
scoring_system epss
scoring_elements 0.49109
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28053
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28053
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28053
2
reference_url https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#186-november-19-2020
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#186-november-19-2020
3
reference_url https://github.com/hashicorp/consul/commit/ff5215d882ac51b49c2647aac46b42aa9c890ce3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/commit/ff5215d882ac51b49c2647aac46b42aa9c890ce3
4
reference_url https://github.com/hashicorp/consul/pull/9240
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/pull/9240
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28053
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28053
6
reference_url https://security.gentoo.org/glsa/202208-09
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-09
7
reference_url https://www.hashicorp.com/blog/category/consul
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.hashicorp.com/blog/category/consul
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975584
reference_id 975584
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975584
9
reference_url https://security.archlinux.org/AVG-1294
reference_id AVG-1294
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1294
fixed_packages
0
url pkg:ebuild/app-admin/consul@1.9.17
purl pkg:ebuild/app-admin/consul@1.9.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/consul@1.9.17
aliases CVE-2020-28053, GHSA-6m72-467w-94rh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gsqu-g2y4-a7ap
3
url VCID-jfzf-ynb1-23bs
vulnerability_id VCID-jfzf-ynb1-23bs
summary
Hashicorp Consul Missing SSL Certificate Validation
HashiCorp Consul before 1.10.1 (and Consul Enterprise) has Missing SSL Certificate Validation. xds does not ensure that the Subject Alternative Name of an upstream is validated.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32574
reference_id
reference_type
scores
0
value 0.00802
scoring_system epss
scoring_elements 0.74093
published_at 2026-04-12T12:55:00Z
1
value 0.00802
scoring_system epss
scoring_elements 0.74124
published_at 2026-04-21T12:55:00Z
2
value 0.00802
scoring_system epss
scoring_elements 0.74045
published_at 2026-04-02T12:55:00Z
3
value 0.00802
scoring_system epss
scoring_elements 0.7407
published_at 2026-04-04T12:55:00Z
4
value 0.00802
scoring_system epss
scoring_elements 0.74042
published_at 2026-04-07T12:55:00Z
5
value 0.00802
scoring_system epss
scoring_elements 0.74075
published_at 2026-04-08T12:55:00Z
6
value 0.00802
scoring_system epss
scoring_elements 0.74089
published_at 2026-04-09T12:55:00Z
7
value 0.00802
scoring_system epss
scoring_elements 0.74111
published_at 2026-04-11T12:55:00Z
8
value 0.00802
scoring_system epss
scoring_elements 0.74134
published_at 2026-04-18T12:55:00Z
9
value 0.00802
scoring_system epss
scoring_elements 0.74125
published_at 2026-04-16T12:55:00Z
10
value 0.00802
scoring_system epss
scoring_elements 0.74039
published_at 2026-04-01T12:55:00Z
11
value 0.00802
scoring_system epss
scoring_elements 0.74086
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32574
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32574
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32574
2
reference_url https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856
3
reference_url https://github.com/hashicorp/consul/releases/tag/v1.10.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/releases/tag/v1.10.1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32574
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32574
5
reference_url https://security.gentoo.org/glsa/202208-09
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-09
6
reference_url https://www.hashicorp.com/blog/category/consul
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.hashicorp.com/blog/category/consul
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991719
reference_id 991719
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991719
8
reference_url https://security.archlinux.org/ASA-202107-69
reference_id ASA-202107-69
reference_type
scores
url https://security.archlinux.org/ASA-202107-69
9
reference_url https://security.archlinux.org/AVG-2171
reference_id AVG-2171
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2171
fixed_packages
0
url pkg:ebuild/app-admin/consul@1.9.17
purl pkg:ebuild/app-admin/consul@1.9.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/consul@1.9.17
aliases CVE-2021-32574, GHSA-25gf-8qrr-g78r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jfzf-ynb1-23bs
4
url VCID-met8-vmhb-cueu
vulnerability_id VCID-met8-vmhb-cueu
summary Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29153.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29153.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29153
reference_id
reference_type
scores
0
value 0.87755
scoring_system epss
scoring_elements 0.99474
published_at 2026-04-21T12:55:00Z
1
value 0.87755
scoring_system epss
scoring_elements 0.99463
published_at 2026-04-02T12:55:00Z
2
value 0.87755
scoring_system epss
scoring_elements 0.99473
published_at 2026-04-16T12:55:00Z
3
value 0.87755
scoring_system epss
scoring_elements 0.9947
published_at 2026-04-13T12:55:00Z
4
value 0.87755
scoring_system epss
scoring_elements 0.99469
published_at 2026-04-11T12:55:00Z
5
value 0.87755
scoring_system epss
scoring_elements 0.99468
published_at 2026-04-09T12:55:00Z
6
value 0.87755
scoring_system epss
scoring_elements 0.99466
published_at 2026-04-07T12:55:00Z
7
value 0.87755
scoring_system epss
scoring_elements 0.99465
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29153
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29153
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29153
3
reference_url https://discuss.hashicorp.com
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com
4
reference_url https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery
5
reference_url https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
6
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29153
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29153
10
reference_url https://security.gentoo.org/glsa/202208-09
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-09
11
reference_url https://security.netapp.com/advisory/ntap-20220602-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220602-0005
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017982
reference_id 1017982
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017982
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2134570
reference_id 2134570
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2134570
fixed_packages
0
url pkg:ebuild/app-admin/consul@1.9.17
purl pkg:ebuild/app-admin/consul@1.9.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/consul@1.9.17
aliases CVE-2022-29153, GHSA-q6h7-4qgw-2j9p
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-met8-vmhb-cueu
5
url VCID-mv9z-hxmr-skfp
vulnerability_id VCID-mv9z-hxmr-skfp
summary
Denial of service in HashiCorp Consul
HashiCorp Consul Enterprise versions 1.7.0 up to 1.7.8 and 1.8.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25201
reference_id
reference_type
scores
0
value 0.01543
scoring_system epss
scoring_elements 0.81419
published_at 2026-04-21T12:55:00Z
1
value 0.01543
scoring_system epss
scoring_elements 0.81316
published_at 2026-04-01T12:55:00Z
2
value 0.01543
scoring_system epss
scoring_elements 0.81325
published_at 2026-04-02T12:55:00Z
3
value 0.01543
scoring_system epss
scoring_elements 0.81347
published_at 2026-04-04T12:55:00Z
4
value 0.01543
scoring_system epss
scoring_elements 0.81346
published_at 2026-04-07T12:55:00Z
5
value 0.01543
scoring_system epss
scoring_elements 0.81374
published_at 2026-04-08T12:55:00Z
6
value 0.01543
scoring_system epss
scoring_elements 0.81379
published_at 2026-04-09T12:55:00Z
7
value 0.01543
scoring_system epss
scoring_elements 0.81401
published_at 2026-04-11T12:55:00Z
8
value 0.01543
scoring_system epss
scoring_elements 0.81388
published_at 2026-04-12T12:55:00Z
9
value 0.01543
scoring_system epss
scoring_elements 0.8138
published_at 2026-04-13T12:55:00Z
10
value 0.01543
scoring_system epss
scoring_elements 0.81417
published_at 2026-04-16T12:55:00Z
11
value 0.01543
scoring_system epss
scoring_elements 0.81418
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25201
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25201
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25201
2
reference_url https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020
3
reference_url https://github.com/hashicorp/consul/pull/9024
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/pull/9024
4
reference_url https://github.com/hashicorp/consul/releases/tag/v1.8.5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/releases/tag/v1.8.5
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25201
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25201
6
reference_url https://security.gentoo.org/glsa/202208-09
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-09
7
reference_url https://www.hashicorp.com/blog/category/consul
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.hashicorp.com/blog/category/consul
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973892
reference_id 973892
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973892
9
reference_url https://security.archlinux.org/AVG-1295
reference_id AVG-1295
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1295
fixed_packages
0
url pkg:ebuild/app-admin/consul@1.9.17
purl pkg:ebuild/app-admin/consul@1.9.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/consul@1.9.17
aliases CVE-2020-25201, GHSA-496g-fr33-whrf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mv9z-hxmr-skfp
6
url VCID-tfrv-ak5x-5qg7
vulnerability_id VCID-tfrv-ak5x-5qg7
summary Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28156.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28156.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28156
reference_id
reference_type
scores
0
value 0.00453
scoring_system epss
scoring_elements 0.63813
published_at 2026-04-21T12:55:00Z
1
value 0.00453
scoring_system epss
scoring_elements 0.63781
published_at 2026-04-13T12:55:00Z
2
value 0.00453
scoring_system epss
scoring_elements 0.63816
published_at 2026-04-16T12:55:00Z
3
value 0.00453
scoring_system epss
scoring_elements 0.63826
published_at 2026-04-18T12:55:00Z
4
value 0.00453
scoring_system epss
scoring_elements 0.63789
published_at 2026-04-04T12:55:00Z
5
value 0.00453
scoring_system epss
scoring_elements 0.63746
published_at 2026-04-07T12:55:00Z
6
value 0.00453
scoring_system epss
scoring_elements 0.63798
published_at 2026-04-08T12:55:00Z
7
value 0.00453
scoring_system epss
scoring_elements 0.63815
published_at 2026-04-09T12:55:00Z
8
value 0.00453
scoring_system epss
scoring_elements 0.63828
published_at 2026-04-11T12:55:00Z
9
value 0.00453
scoring_system epss
scoring_elements 0.63814
published_at 2026-04-12T12:55:00Z
10
value 0.01279
scoring_system epss
scoring_elements 0.79527
published_at 2026-04-02T12:55:00Z
11
value 0.01279
scoring_system epss
scoring_elements 0.7952
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28156
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1950492
reference_id 1950492
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1950492
3
reference_url https://security.archlinux.org/AVG-1830
reference_id AVG-1830
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1830
fixed_packages
0
url pkg:ebuild/app-admin/consul@1.9.17
purl pkg:ebuild/app-admin/consul@1.9.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/consul@1.9.17
aliases CVE-2021-28156
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tfrv-ak5x-5qg7
7
url VCID-tgcs-1brz-6yf4
vulnerability_id VCID-tgcs-1brz-6yf4
summary HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38698
reference_id
reference_type
scores
0
value 0.00564
scoring_system epss
scoring_elements 0.68438
published_at 2026-04-21T12:55:00Z
1
value 0.00564
scoring_system epss
scoring_elements 0.68343
published_at 2026-04-01T12:55:00Z
2
value 0.00564
scoring_system epss
scoring_elements 0.68363
published_at 2026-04-02T12:55:00Z
3
value 0.00564
scoring_system epss
scoring_elements 0.68382
published_at 2026-04-04T12:55:00Z
4
value 0.00564
scoring_system epss
scoring_elements 0.68359
published_at 2026-04-07T12:55:00Z
5
value 0.00564
scoring_system epss
scoring_elements 0.6841
published_at 2026-04-08T12:55:00Z
6
value 0.00564
scoring_system epss
scoring_elements 0.68427
published_at 2026-04-09T12:55:00Z
7
value 0.00564
scoring_system epss
scoring_elements 0.68453
published_at 2026-04-11T12:55:00Z
8
value 0.00564
scoring_system epss
scoring_elements 0.68441
published_at 2026-04-12T12:55:00Z
9
value 0.00564
scoring_system epss
scoring_elements 0.68408
published_at 2026-04-13T12:55:00Z
10
value 0.00564
scoring_system epss
scoring_elements 0.68446
published_at 2026-04-16T12:55:00Z
11
value 0.00564
scoring_system epss
scoring_elements 0.6846
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38698
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38698
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38698
2
reference_url https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026
3
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
4
reference_url https://github.com/hashicorp/consul/pull/10824
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/pull/10824
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38698
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38698
6
reference_url https://security.gentoo.org/glsa/202208-09
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-09
7
reference_url https://www.hashicorp.com/blog/category/consul
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.hashicorp.com/blog/category/consul
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015218
reference_id 1015218
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015218
9
reference_url https://security.archlinux.org/AVG-2360
reference_id AVG-2360
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2360
fixed_packages
0
url pkg:ebuild/app-admin/consul@1.9.17
purl pkg:ebuild/app-admin/consul@1.9.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/consul@1.9.17
aliases CVE-2021-38698, GHSA-6hw5-6gcx-phmw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgcs-1brz-6yf4
8
url VCID-ysg6-921d-d7fe
vulnerability_id VCID-ysg6-921d-d7fe
summary Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24687
reference_id
reference_type
scores
0
value 0.00638
scoring_system epss
scoring_elements 0.70492
published_at 2026-04-09T12:55:00Z
1
value 0.00638
scoring_system epss
scoring_elements 0.70516
published_at 2026-04-21T12:55:00Z
2
value 0.00638
scoring_system epss
scoring_elements 0.70515
published_at 2026-04-11T12:55:00Z
3
value 0.00638
scoring_system epss
scoring_elements 0.70436
published_at 2026-04-02T12:55:00Z
4
value 0.00638
scoring_system epss
scoring_elements 0.70454
published_at 2026-04-04T12:55:00Z
5
value 0.00638
scoring_system epss
scoring_elements 0.70431
published_at 2026-04-07T12:55:00Z
6
value 0.00638
scoring_system epss
scoring_elements 0.70476
published_at 2026-04-08T12:55:00Z
7
value 0.00638
scoring_system epss
scoring_elements 0.70537
published_at 2026-04-18T12:55:00Z
8
value 0.00638
scoring_system epss
scoring_elements 0.70529
published_at 2026-04-16T12:55:00Z
9
value 0.00638
scoring_system epss
scoring_elements 0.70486
published_at 2026-04-13T12:55:00Z
10
value 0.00638
scoring_system epss
scoring_elements 0.705
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24687
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24687
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24687
2
reference_url https://discuss.hashicorp.com
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com
3
reference_url https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers
4
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24687
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24687
6
reference_url https://security.gentoo.org/glsa/202208-09
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-09
7
reference_url https://security.netapp.com/advisory/ntap-20220331-0006
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220331-0006
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006487
reference_id 1006487
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006487
fixed_packages
0
url pkg:ebuild/app-admin/consul@1.9.17
purl pkg:ebuild/app-admin/consul@1.9.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/consul@1.9.17
aliases CVE-2022-24687, GHSA-hj93-5fg3-3chr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ysg6-921d-d7fe
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/consul@1.9.17