Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:golang/github.com/hashicorp/nomad@1.0.18
Typegolang
Namespacegithub.com/hashicorp
Namenomad
Version1.0.18
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1.1.4
Latest_non_vulnerable_version1.10.2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-ebpm-9nyy-z7ey
vulnerability_id VCID-ebpm-9nyy-z7ey
summary 
Nomad Spread Job Stanza May Trigger Panic in Servers
Nomad and Nomad Enterprise allows operators with job-submit capabilities to use the spread stanza in a way such that it can cause panic in Nomad servers. This vulnerability, CVE-2022-24684, was fixed in Nomad 1.0.18, 1.1.12, and 1.2.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24684
reference_id
reference_type
scores
0
value 0.00671
scoring_system epss
scoring_elements 0.71404
published_at 2026-04-18T12:55:00Z
1
value 0.00671
scoring_system epss
scoring_elements 0.71316
published_at 2026-04-02T12:55:00Z
2
value 0.00671
scoring_system epss
scoring_elements 0.71334
published_at 2026-04-04T12:55:00Z
3
value 0.00671
scoring_system epss
scoring_elements 0.71308
published_at 2026-04-07T12:55:00Z
4
value 0.00671
scoring_system epss
scoring_elements 0.71349
published_at 2026-04-08T12:55:00Z
5
value 0.00671
scoring_system epss
scoring_elements 0.71362
published_at 2026-04-09T12:55:00Z
6
value 0.00671
scoring_system epss
scoring_elements 0.71384
published_at 2026-04-11T12:55:00Z
7
value 0.00671
scoring_system epss
scoring_elements 0.71369
published_at 2026-04-12T12:55:00Z
8
value 0.00671
scoring_system epss
scoring_elements 0.71352
published_at 2026-04-13T12:55:00Z
9
value 0.00671
scoring_system epss
scoring_elements 0.71398
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24684
1
reference_url https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers
2
reference_url https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24684
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24684
4
reference_url https://security.netapp.com/advisory/ntap-20220318-0008
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220318-0008
5
reference_url https://www.github.com/hashicorp/nomad
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.github.com/hashicorp/nomad
fixed_packages
0
url pkg:golang/github.com/hashicorp/nomad@1.0.18
purl pkg:golang/github.com/hashicorp/nomad@1.0.18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/nomad@1.0.18
1
url pkg:golang/github.com/hashicorp/nomad@1.1.12
purl pkg:golang/github.com/hashicorp/nomad@1.1.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/nomad@1.1.12
2
url pkg:golang/github.com/hashicorp/nomad@1.2.6
purl pkg:golang/github.com/hashicorp/nomad@1.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/nomad@1.2.6
aliases CVE-2022-24684, GHSA-6jm6-cmcp-fqjq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ebpm-9nyy-z7ey
1
url VCID-k9md-c96w-7kg1
vulnerability_id VCID-k9md-c96w-7kg1
summary 
HashiCorp Nomad Artifact Download Race Condition
HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. This issue is fixed in 1.0.18, 1.1.12, and 1.2.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24686
reference_id
reference_type
scores
0
value 0.00356
scoring_system epss
scoring_elements 0.57833
published_at 2026-04-02T12:55:00Z
1
value 0.00356
scoring_system epss
scoring_elements 0.579
published_at 2026-04-11T12:55:00Z
2
value 0.00356
scoring_system epss
scoring_elements 0.57884
published_at 2026-04-09T12:55:00Z
3
value 0.00356
scoring_system epss
scoring_elements 0.57882
published_at 2026-04-08T12:55:00Z
4
value 0.00356
scoring_system epss
scoring_elements 0.57827
published_at 2026-04-07T12:55:00Z
5
value 0.00356
scoring_system epss
scoring_elements 0.57854
published_at 2026-04-04T12:55:00Z
6
value 0.00356
scoring_system epss
scoring_elements 0.57887
published_at 2026-04-18T12:55:00Z
7
value 0.00356
scoring_system epss
scoring_elements 0.57858
published_at 2026-04-13T12:55:00Z
8
value 0.00356
scoring_system epss
scoring_elements 0.57879
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24686
1
reference_url https://discuss.hashicorp.com
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com
2
reference_url https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559
3
reference_url https://github.com/hashicorp/nomad
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/nomad
4
reference_url https://github.com/hashicorp/nomad/issues/12036
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/nomad/issues/12036
5
reference_url https://github.com/hashicorp/nomad/releases/tag/v1.2.6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/nomad/releases/tag/v1.2.6
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24686
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24686
7
reference_url https://security.netapp.com/advisory/ntap-20220318-0008
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220318-0008
fixed_packages
0
url pkg:golang/github.com/hashicorp/nomad@1.0.18
purl pkg:golang/github.com/hashicorp/nomad@1.0.18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/nomad@1.0.18
1
url pkg:golang/github.com/hashicorp/nomad@1.1.12
purl pkg:golang/github.com/hashicorp/nomad@1.1.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/nomad@1.1.12
2
url pkg:golang/github.com/hashicorp/nomad@1.2.6
purl pkg:golang/github.com/hashicorp/nomad@1.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/nomad@1.2.6
aliases CVE-2022-24686, GHSA-gwmc-6795-qghj
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k9md-c96w-7kg1
2
url VCID-mt6v-wu59-2fe3
vulnerability_id VCID-mt6v-wu59-2fe3
summary 
Arbitrary file reads in HashiCorp Nomad
Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root. There are currently no known workarounds. Users are recommended to upgrade as soon as possible to avoid this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24683
reference_id
reference_type
scores
0
value 0.00474
scoring_system epss
scoring_elements 0.6479
published_at 2026-04-18T12:55:00Z
1
value 0.00474
scoring_system epss
scoring_elements 0.64742
published_at 2026-04-13T12:55:00Z
2
value 0.00474
scoring_system epss
scoring_elements 0.6477
published_at 2026-04-12T12:55:00Z
3
value 0.00474
scoring_system epss
scoring_elements 0.64781
published_at 2026-04-11T12:55:00Z
4
value 0.00474
scoring_system epss
scoring_elements 0.64764
published_at 2026-04-09T12:55:00Z
5
value 0.00474
scoring_system epss
scoring_elements 0.6475
published_at 2026-04-08T12:55:00Z
6
value 0.00474
scoring_system epss
scoring_elements 0.64702
published_at 2026-04-07T12:55:00Z
7
value 0.00474
scoring_system epss
scoring_elements 0.6478
published_at 2026-04-16T12:55:00Z
8
value 0.00474
scoring_system epss
scoring_elements 0.64744
published_at 2026-04-04T12:55:00Z
9
value 0.00474
scoring_system epss
scoring_elements 0.64716
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24683
1
reference_url https://discuss.hashicorp.com
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com
2
reference_url https://discuss.hashicorp.com/t/hcsec-2022-02-nomad-alloc-filesystem-and-container-escape/35560
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com/t/hcsec-2022-02-nomad-alloc-filesystem-and-container-escape/35560
3
reference_url https://github.com/hashicorp/nomad/commit/1aa46c3796e924b72eb45a7f02dae32df0c1179c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/nomad/commit/1aa46c3796e924b72eb45a7f02dae32df0c1179c
4
reference_url https://github.com/hashicorp/nomad/commit/b3c0e6a7a53d624003698b48b6c59739552c3721
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/nomad/commit/b3c0e6a7a53d624003698b48b6c59739552c3721
5
reference_url https://github.com/hashicorp/nomad/commit/fcb3a5d016a3dfcc63efcdb567373735a0703279
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/nomad/commit/fcb3a5d016a3dfcc63efcdb567373735a0703279
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24683
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24683
7
reference_url https://security.netapp.com/advisory/ntap-20220318-0008
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220318-0008
fixed_packages
0
url pkg:golang/github.com/hashicorp/nomad@1.0.18
purl pkg:golang/github.com/hashicorp/nomad@1.0.18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/nomad@1.0.18
1
url pkg:golang/github.com/hashicorp/nomad@1.1.12
purl pkg:golang/github.com/hashicorp/nomad@1.1.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/nomad@1.1.12
2
url pkg:golang/github.com/hashicorp/nomad@1.2.6
purl pkg:golang/github.com/hashicorp/nomad@1.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/nomad@1.2.6
aliases CVE-2022-24683, GHSA-wmrx-57hm-mw7r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mt6v-wu59-2fe3
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/nomad@1.0.18