VulnerableCode Package Details - pkg:golang/github.com/hashicorp/consul@1.14.5

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-r7p6-mxej-uqak	Consul Server Panic when Ingress and API Gateways Configured with Peering Connections A vulnerability was identified in Consul and Consul Enterprise (“Consul”) an authenticated user with service:write permissions could trigger a workflow that causes Consul server and client agents to crash under certain circumstances. To exploit this vulnerability, an attacker requires access to an ACL token with service:write permissions, and there needs to be at least one running ingress or API gateway that is configured to route traffic to an upstream service.	CVE-2023-0845 GHSA-wj6x-hcc2-f32j
VCID-tn8b-w652-1ydg	Hashicorp Consul vulnerable to denial of service Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3	CVE-2023-1297 GHSA-c57c-7hrj-6q6v

Vulnerability

Summary

Aliases

VCID-r7p6-mxej-uqak

Consul Server Panic when Ingress and API Gateways Configured with Peering Connections A vulnerability was identified in Consul and Consul Enterprise (“Consul”) an authenticated user with service:write permissions could trigger a workflow that causes Consul server and client agents to crash under certain circumstances. To exploit this vulnerability, an attacker requires access to an ACL token with service:write permissions, and there needs to be at least one running ingress or API gateway that is configured to route traffic to an upstream service.

CVE-2023-0845
GHSA-wj6x-hcc2-f32j

VCID-tn8b-w652-1ydg

Hashicorp Consul vulnerable to denial of service Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3

CVE-2023-1297
GHSA-c57c-7hrj-6q6v

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:59:08.989040+00:00	GithubOSV Importer	Fixing	VCID-tn8b-w652-1ydg	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-c57c-7hrj-6q6v/GHSA-c57c-7hrj-6q6v.json	38.0.0
2026-04-01T12:58:43.678219+00:00	GithubOSV Importer	Fixing	VCID-r7p6-mxej-uqak	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-wj6x-hcc2-f32j/GHSA-wj6x-hcc2-f32j.json	38.0.0

2026-04-01T12:59:08.989040+00:00

GithubOSV Importer

Fixing

VCID-tn8b-w652-1ydg

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-c57c-7hrj-6q6v/GHSA-c57c-7hrj-6q6v.json

38.0.0

2026-04-01T12:58:43.678219+00:00

GithubOSV Importer

Fixing

VCID-r7p6-mxej-uqak

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-wj6x-hcc2-f32j/GHSA-wj6x-hcc2-f32j.json

38.0.0