Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-cqzz-az3e-kych
Summary
Improper Input Validation in HashiCorp Consul
HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.
### Specific Go Packages Affected
github.com/hashicorp/consul/agent
Aliases
0
alias CVE-2020-13170
1
alias GHSA-p2j5-3f4c-224r
Fixed_packages
0
url pkg:deb/debian/consul@1.7.4%2Bdfsg1-1?distro=bullseye
purl pkg:deb/debian/consul@1.7.4%2Bdfsg1-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.7.4%252Bdfsg1-1%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2
2
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
3
url pkg:golang/github.com/hashicorp/consul@1.6.6
purl pkg:golang/github.com/hashicorp/consul@1.6.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/consul@1.6.6
4
url pkg:golang/github.com/hashicorp/consul@1.7.4
purl pkg:golang/github.com/hashicorp/consul@1.7.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/consul@1.7.4
Affected_packages
0
url pkg:deb/debian/consul@1.0.7~dfsg1-5
purl pkg:deb/debian/consul@1.0.7~dfsg1-5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dmf-rj8w-xycm
1
vulnerability VCID-467g-8bds-t3ef
2
vulnerability VCID-cqzz-az3e-kych
3
vulnerability VCID-ftvt-9nb3-xue3
4
vulnerability VCID-gkgb-5g8x-7fgf
5
vulnerability VCID-gsqu-g2y4-a7ap
6
vulnerability VCID-jm2d-ejbf-qfhz
7
vulnerability VCID-mv9z-hxmr-skfp
8
vulnerability VCID-pet2-hhx7-g7fc
9
vulnerability VCID-th2f-96u1-syhg
10
vulnerability VCID-xzyq-wm1j-dkcu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.0.7~dfsg1-5
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13170
reference_id
reference_type
scores
0
value 0.00514
scoring_system epss
scoring_elements 0.66589
published_at 2026-04-21T12:55:00Z
1
value 0.00514
scoring_system epss
scoring_elements 0.66519
published_at 2026-04-02T12:55:00Z
2
value 0.00514
scoring_system epss
scoring_elements 0.66544
published_at 2026-04-04T12:55:00Z
3
value 0.00514
scoring_system epss
scoring_elements 0.66515
published_at 2026-04-07T12:55:00Z
4
value 0.00514
scoring_system epss
scoring_elements 0.66564
published_at 2026-04-08T12:55:00Z
5
value 0.00514
scoring_system epss
scoring_elements 0.66578
published_at 2026-04-09T12:55:00Z
6
value 0.00514
scoring_system epss
scoring_elements 0.66597
published_at 2026-04-11T12:55:00Z
7
value 0.00514
scoring_system epss
scoring_elements 0.66585
published_at 2026-04-12T12:55:00Z
8
value 0.00514
scoring_system epss
scoring_elements 0.66553
published_at 2026-04-13T12:55:00Z
9
value 0.00514
scoring_system epss
scoring_elements 0.66588
published_at 2026-04-16T12:55:00Z
10
value 0.00514
scoring_system epss
scoring_elements 0.66606
published_at 2026-04-18T12:55:00Z
11
value 0.00514
scoring_system epss
scoring_elements 0.6648
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13170
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13170
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13170
2
reference_url https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
3
reference_url https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
4
reference_url https://github.com/hashicorp/consul/commit/242994a016a181d6c62a5bb83189716ad13d4216
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/commit/242994a016a181d6c62a5bb83189716ad13d4216
5
reference_url https://github.com/hashicorp/consul/pull/8068
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/pull/8068
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13170
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13170
Weaknesses
0
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-cqzz-az3e-kych