VulnerableCode Package Details - pkg:golang/github.com/hashicorp/nomad@1.0.18

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-ebpm-9nyy-z7ey	Nomad Spread Job Stanza May Trigger Panic in Servers Nomad and Nomad Enterprise allows operators with job-submit capabilities to use the spread stanza in a way such that it can cause panic in Nomad servers. This vulnerability, CVE-2022-24684, was fixed in Nomad 1.0.18, 1.1.12, and 1.2.6.	CVE-2022-24684 GHSA-6jm6-cmcp-fqjq
VCID-k9md-c96w-7kg1	HashiCorp Nomad Artifact Download Race Condition HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. This issue is fixed in 1.0.18, 1.1.12, and 1.2.6.	CVE-2022-24686 GHSA-gwmc-6795-qghj
VCID-mt6v-wu59-2fe3	Arbitrary file reads in HashiCorp Nomad Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root. There are currently no known workarounds. Users are recommended to upgrade as soon as possible to avoid this issue.	CVE-2022-24683 GHSA-wmrx-57hm-mw7r

Vulnerability

Summary

Aliases

VCID-ebpm-9nyy-z7ey

Nomad Spread Job Stanza May Trigger Panic in Servers Nomad and Nomad Enterprise allows operators with job-submit capabilities to use the spread stanza in a way such that it can cause panic in Nomad servers. This vulnerability, CVE-2022-24684, was fixed in Nomad 1.0.18, 1.1.12, and 1.2.6.

CVE-2022-24684
GHSA-6jm6-cmcp-fqjq

VCID-k9md-c96w-7kg1

HashiCorp Nomad Artifact Download Race Condition HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. This issue is fixed in 1.0.18, 1.1.12, and 1.2.6.

CVE-2022-24686
GHSA-gwmc-6795-qghj

VCID-mt6v-wu59-2fe3

Arbitrary file reads in HashiCorp Nomad Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root. There are currently no known workarounds. Users are recommended to upgrade as soon as possible to avoid this issue.

CVE-2022-24683
GHSA-wmrx-57hm-mw7r

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:06:28.719101+00:00	GithubOSV Importer	Fixing	VCID-ebpm-9nyy-z7ey	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-6jm6-cmcp-fqjq/GHSA-6jm6-cmcp-fqjq.json	38.0.0
2026-04-01T13:06:27.082274+00:00	GithubOSV Importer	Fixing	VCID-mt6v-wu59-2fe3	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-wmrx-57hm-mw7r/GHSA-wmrx-57hm-mw7r.json	38.0.0
2026-04-01T13:06:25.357179+00:00	GithubOSV Importer	Fixing	VCID-k9md-c96w-7kg1	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-gwmc-6795-qghj/GHSA-gwmc-6795-qghj.json	38.0.0