Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-7jkf-h91y-33f3

Summary

HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling
HashiCorp Nomad and Nomad Enterprise 1.x before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 is vulnerable to Allocation of Resources Without Limits or Throttling.

Aliases

alias	CVE-2022-24685

alias	GHSA-3382-r9q8-4hfg

Fixed_packages

url	pkg:apk/alpine/nomad@1.1.12-r0?arch=ppc64le&distroversion=v3.15&reponame=community
purl	pkg:apk/alpine/nomad@1.1.12-r0?arch=ppc64le&distroversion=v3.15&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.1.12-r0%3Farch=ppc64le&distroversion=v3.15&reponame=community

url	pkg:apk/alpine/nomad@1.1.12-r0?arch=aarch64&distroversion=v3.15&reponame=community
purl	pkg:apk/alpine/nomad@1.1.12-r0?arch=aarch64&distroversion=v3.15&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.1.12-r0%3Farch=aarch64&distroversion=v3.15&reponame=community

url	pkg:apk/alpine/nomad@1.1.12-r0?arch=armhf&distroversion=v3.15&reponame=community
purl	pkg:apk/alpine/nomad@1.1.12-r0?arch=armhf&distroversion=v3.15&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.1.12-r0%3Farch=armhf&distroversion=v3.15&reponame=community

url	pkg:apk/alpine/nomad@1.1.12-r0?arch=armv7&distroversion=v3.15&reponame=community
purl	pkg:apk/alpine/nomad@1.1.12-r0?arch=armv7&distroversion=v3.15&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.1.12-r0%3Farch=armv7&distroversion=v3.15&reponame=community

url	pkg:apk/alpine/nomad@1.1.12-r0?arch=s390x&distroversion=v3.15&reponame=community
purl	pkg:apk/alpine/nomad@1.1.12-r0?arch=s390x&distroversion=v3.15&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.1.12-r0%3Farch=s390x&distroversion=v3.15&reponame=community

url	pkg:apk/alpine/nomad@1.1.12-r0?arch=x86&distroversion=v3.15&reponame=community
purl	pkg:apk/alpine/nomad@1.1.12-r0?arch=x86&distroversion=v3.15&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.1.12-r0%3Farch=x86&distroversion=v3.15&reponame=community

url	pkg:apk/alpine/nomad@1.1.12-r0?arch=x86_64&distroversion=v3.15&reponame=community
purl	pkg:apk/alpine/nomad@1.1.12-r0?arch=x86_64&distroversion=v3.15&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.1.12-r0%3Farch=x86_64&distroversion=v3.15&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=aarch64&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=aarch64&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=aarch64&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=armhf&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=armhf&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=armhf&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=armv7&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=armv7&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=armv7&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=ppc64le&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=ppc64le&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=ppc64le&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=s390x&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=s390x&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=s390x&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=x86&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86_64&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86_64&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=x86_64&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=armv7&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=armv7&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=armv7&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=ppc64le&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=ppc64le&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=ppc64le&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=s390x&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=s390x&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=s390x&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=x86&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86_64&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86_64&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=x86_64&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=aarch64&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=aarch64&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=aarch64&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=armhf&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=armhf&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=armhf&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=armv7&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=armv7&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=armv7&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=s390x&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=s390x&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=s390x&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=x86&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86_64&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86_64&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=x86_64&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=aarch64&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=aarch64&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=aarch64&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=armhf&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=armhf&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=armhf&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=ppc64le&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=ppc64le&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=ppc64le&distroversion=v3.18&reponame=community

url	pkg:golang/github.com/hashicorp/nomad@1.0.17
purl	pkg:golang/github.com/hashicorp/nomad@1.0.17
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/nomad@1.0.17

url	pkg:golang/github.com/hashicorp/nomad@1.1.12
purl	pkg:golang/github.com/hashicorp/nomad@1.1.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/nomad@1.1.12

url	pkg:golang/github.com/hashicorp/nomad@1.2.6
purl	pkg:golang/github.com/hashicorp/nomad@1.2.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/nomad@1.2.6

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-24685

reference_id

reference_type

scores

value	0.00693
scoring_system	epss
scoring_elements	0.71884
published_at	2026-04-21T12:55:00Z

value	0.00693
scoring_system	epss
scoring_elements	0.71822
published_at	2026-04-02T12:55:00Z

value	0.00693
scoring_system	epss
scoring_elements	0.7184
published_at	2026-04-04T12:55:00Z

value	0.00693
scoring_system	epss
scoring_elements	0.71814
published_at	2026-04-07T12:55:00Z

value	0.00693
scoring_system	epss
scoring_elements	0.71853
published_at	2026-04-13T12:55:00Z

value	0.00693
scoring_system	epss
scoring_elements	0.71864
published_at	2026-04-09T12:55:00Z

value	0.00693
scoring_system	epss
scoring_elements	0.71888
published_at	2026-04-11T12:55:00Z

value	0.00693
scoring_system	epss
scoring_elements	0.7187
published_at	2026-04-12T12:55:00Z

value	0.00693
scoring_system	epss
scoring_elements	0.71895
published_at	2026-04-16T12:55:00Z

value	0.00693
scoring_system	epss
scoring_elements	0.719
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-24685

reference_url

https://discuss.hashicorp.com

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://discuss.hashicorp.com

reference_url

https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage

reference_url

https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/35561

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/35561

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-24685

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-24685

reference_url

https://security.netapp.com/advisory/ntap-20220331-0007

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220331-0007

Weaknesses

cwe_id	770
name	Allocation of Resources Without Limits or Throttling
description	The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7jkf-h91y-33f3

Vulnerability Instance