Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-jfzf-ynb1-23bs
Summary
Hashicorp Consul Missing SSL Certificate Validation
HashiCorp Consul before 1.10.1 (and Consul Enterprise) has Missing SSL Certificate Validation. xds does not ensure that the Subject Alternative Name of an upstream is validated.
Aliases
0
alias CVE-2021-32574
1
alias GHSA-25gf-8qrr-g78r
Fixed_packages
0
url pkg:alpm/archlinux/consul@1.9.8-1
purl pkg:alpm/archlinux/consul@1.9.8-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/consul@1.9.8-1
1
url pkg:ebuild/app-admin/consul@1.9.17
purl pkg:ebuild/app-admin/consul@1.9.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/consul@1.9.17
2
url pkg:golang/github.com/hashicorp/consul@1.10.1
purl pkg:golang/github.com/hashicorp/consul@1.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9wyg-uv2p-d3ez
1
vulnerability VCID-tgcs-1brz-6yf4
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/consul@1.10.1
Affected_packages
0
url pkg:alpm/archlinux/consul@1.9.7-1
purl pkg:alpm/archlinux/consul@1.9.7-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-65ru-yj23-qqbr
1
vulnerability VCID-jfzf-ynb1-23bs
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/consul@1.9.7-1
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32574
reference_id
reference_type
scores
0
value 0.00802
scoring_system epss
scoring_elements 0.74093
published_at 2026-04-12T12:55:00Z
1
value 0.00802
scoring_system epss
scoring_elements 0.74124
published_at 2026-04-21T12:55:00Z
2
value 0.00802
scoring_system epss
scoring_elements 0.74045
published_at 2026-04-02T12:55:00Z
3
value 0.00802
scoring_system epss
scoring_elements 0.7407
published_at 2026-04-04T12:55:00Z
4
value 0.00802
scoring_system epss
scoring_elements 0.74042
published_at 2026-04-07T12:55:00Z
5
value 0.00802
scoring_system epss
scoring_elements 0.74075
published_at 2026-04-08T12:55:00Z
6
value 0.00802
scoring_system epss
scoring_elements 0.74089
published_at 2026-04-09T12:55:00Z
7
value 0.00802
scoring_system epss
scoring_elements 0.74111
published_at 2026-04-11T12:55:00Z
8
value 0.00802
scoring_system epss
scoring_elements 0.74134
published_at 2026-04-18T12:55:00Z
9
value 0.00802
scoring_system epss
scoring_elements 0.74125
published_at 2026-04-16T12:55:00Z
10
value 0.00802
scoring_system epss
scoring_elements 0.74039
published_at 2026-04-01T12:55:00Z
11
value 0.00802
scoring_system epss
scoring_elements 0.74086
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32574
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32574
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32574
2
reference_url https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856
3
reference_url https://github.com/hashicorp/consul/releases/tag/v1.10.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/releases/tag/v1.10.1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32574
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32574
5
reference_url https://security.gentoo.org/glsa/202208-09
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-09
6
reference_url https://www.hashicorp.com/blog/category/consul
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.hashicorp.com/blog/category/consul
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991719
reference_id 991719
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991719
8
reference_url https://security.archlinux.org/ASA-202107-69
reference_id ASA-202107-69
reference_type
scores
url https://security.archlinux.org/ASA-202107-69
9
reference_url https://security.archlinux.org/AVG-2171
reference_id AVG-2171
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2171
Weaknesses
0
cwe_id 295
name Improper Certificate Validation
description The product does not validate, or incorrectly validates, a certificate.
Exploits
Severity_range_score 4.0 - 8.9
Exploitability 0.5
Weighted_severity 8.0
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jfzf-ynb1-23bs