Package details: pkg:golang/github.com/hashicorp/consul@1.10.1
purl: pkg:golang/github.com/hashicorp/consul@1.10.1
Next non-vulnerable version: 1.10.2
Latest non-vulnerable version: 1.22.5
Risk: 4.0
Vulnerabilities affecting this package (2)
VCID-9wyg-uv2p-d3ez
Aliases: CVE-2021-37219, GHSA-ccw8-7688-vqx4
Summary: HashiCorp Consul Privilege Escalation Vulnerability. HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.
Fixed by: 1.10.2 (affected by 0 other vulnerabilities)

VCID-tgcs-1brz-6yf4
Aliases: CVE-2021-38698, GHSA-6hw5-6gcx-phmw
Summary: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.
Fixed by: 1.10.2 (affected by 0 other vulnerabilities)

Vulnerabilities fixed by this package (2)
VCID-65ru-yj23-qqbr
Aliases: CVE-2021-36213, GHSA-8h2g-r292-j8xh
Summary: HashiCorp Consul L7 deny intention results in an allow action. In HashiCorp Consul before 1.10.1 (and Consul Enterprise), xds can generate a situation where a single L7 deny intention (with a default deny policy) results in an allow action.

VCID-jfzf-ynb1-23bs
Aliases: CVE-2021-32574, GHSA-25gf-8qrr-g78r
Summary: Hashicorp Consul Missing SSL Certificate Validation. HashiCorp Consul before 1.10.1 (and Consul Enterprise) has Missing SSL Certificate Validation. xds does not ensure that the Subject Alternative Name of an upstream is validated.