VulnerableCode Package Details - pkg:alpm/archlinux/vault@1.7.1-2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:alpm/archlinux/vault@1.7.1-2

Essentials
History (3)

purl	pkg:alpm/archlinux/vault@1.7.1-2

Next non-vulnerable version	1.7.2-1
Latest non-vulnerable version	1.9.0-1
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-2car-wc6d-p3a2 Aliases: CVE-2021-32923 GHSA-38j9-7pp9-2hjw	Invalid session token expiration HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2.	1.7.2-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-n5ax-e27d-gyd1	vault: PKI Engine CRL May Exclude Revoked But Unexpired Certificates After Tidy	CVE-2021-29653
VCID-ydp2-m1ez-wbdp	vault: TLS certificates not validated when connecting to Cassandra clusters	CVE-2021-27400

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:26:45.890669+00:00	Arch Linux Importer	Fixing	VCID-ydp2-m1ez-wbdp	https://security.archlinux.org/AVG-1860	38.0.0
2026-04-01T18:26:45.867236+00:00	Arch Linux Importer	Fixing	VCID-n5ax-e27d-gyd1	https://security.archlinux.org/AVG-1860	38.0.0
2026-04-01T18:26:43.130272+00:00	Arch Linux Importer	Affected by	VCID-2car-wc6d-p3a2	https://security.archlinux.org/AVG-2029	38.0.0