Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/584346?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/584346?format=api", "purl": "pkg:deb/debian/consul@1.7.4%2Bdfsg1-1?distro=bullseye", "type": "deb", "namespace": "debian", "name": "consul", "version": "1.7.4+dfsg1-1", "qualifiers": { "distro": "bullseye" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.8.6+dfsg1-1", "latest_non_vulnerable_version": "1.8.7+dfsg1-2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52936?format=api", "vulnerability_id": "VCID-2dmf-rj8w-xycm", "summary": "Denial of Service (DoS) in HashiCorp Consul\nHashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4.\n### Specific Go Packages Affected\ngithub.com/hashicorp/consul/agent/consul/discoverychain", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12758", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70382", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70304", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70289", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70276", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70317", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70326", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70308", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70361", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70369", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70367", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70341", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70212", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70225", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70242", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70219", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70265", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.7028", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12758" }, { "reference_url": "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md" }, { "reference_url": "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md" }, { "reference_url": "https://github.com/hashicorp/consul/commit/69b44fb9424cfdc05f1b7243876ab10d236ef1fc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/commit/69b44fb9424cfdc05f1b7243876ab10d236ef1fc" }, { "reference_url": "https://github.com/hashicorp/consul/pull/7783", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/pull/7783" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12758", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12758" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584346?format=api", "purl": "pkg:deb/debian/consul@1.7.4%2Bdfsg1-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.7.4%252Bdfsg1-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/583644?format=api", "purl": "pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2020-12758", "GHSA-q2qr-3c2p-9235" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2dmf-rj8w-xycm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46380?format=api", "vulnerability_id": "VCID-cqzz-az3e-kych", "summary": "Improper Input Validation in HashiCorp Consul\nHashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.\n### Specific Go Packages Affected\ngithub.com/hashicorp/consul/agent", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13170", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66647", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66578", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66597", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66585", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66553", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66588", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66606", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66589", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66613", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66628", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66603", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.6648", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66519", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66544", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66515", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66564", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13170" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13170" }, { "reference_url": "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md" }, { "reference_url": "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md" }, { "reference_url": "https://github.com/hashicorp/consul/commit/242994a016a181d6c62a5bb83189716ad13d4216", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/commit/242994a016a181d6c62a5bb83189716ad13d4216" }, { "reference_url": "https://github.com/hashicorp/consul/pull/8068", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/pull/8068" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13170", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13170" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584346?format=api", "purl": "pkg:deb/debian/consul@1.7.4%2Bdfsg1-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.7.4%252Bdfsg1-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/583644?format=api", "purl": "pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2020-13170", "GHSA-p2j5-3f4c-224r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cqzz-az3e-kych" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46511?format=api", "vulnerability_id": "VCID-jm2d-ejbf-qfhz", "summary": "Allocation of Resources Without Limits or Throttling in Hashicorp Consul\nHashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service.\n\n### Specific Go Packages Affected\ngithub.com/hashicorp/consul/agent/config\n\n### Fix\nThe vulnerability is fixed in versions 1.6.6 and 1.7.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13250", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75269", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75153", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75165", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75187", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.7519", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75197", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75186", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75224", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75228", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75231", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75241", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75109", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75112", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75142", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75119", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13250" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13250", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13250" }, { "reference_url": "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md" }, { "reference_url": "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md" }, { "reference_url": "https://github.com/hashicorp/consul/commit/72f92ae7ca4cabc1dc3069362a9b64ef46941432", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/commit/72f92ae7ca4cabc1dc3069362a9b64ef46941432" }, { "reference_url": "https://github.com/hashicorp/consul/pull/8023", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/pull/8023" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13250", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13250" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584346?format=api", "purl": "pkg:deb/debian/consul@1.7.4%2Bdfsg1-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.7.4%252Bdfsg1-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/583644?format=api", "purl": "pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2020-13250", "GHSA-rqjq-mrgx-85hp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jm2d-ejbf-qfhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46194?format=api", "vulnerability_id": "VCID-th2f-96u1-syhg", "summary": "Incorrect Permission Assignment for Critical Resource\tin Hashicorp Consul\nHashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.\n### Specific Go Packages Affected\ngithub.com/hashicorp/consul/agent/structs", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12797", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61168", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61143", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61158", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61178", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61165", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61146", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61186", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61192", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61173", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61162", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61177", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.6117", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61119", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61023", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61101", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61129", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61095", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12797" }, { "reference_url": "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md" }, { "reference_url": "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md" }, { "reference_url": "https://github.com/hashicorp/consul/commit/98eea08d3ba1b220a14cf6eedf3b6b07ae2795d7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/commit/98eea08d3ba1b220a14cf6eedf3b6b07ae2795d7" }, { "reference_url": "https://github.com/hashicorp/consul/issues/5606", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/issues/5606" }, { "reference_url": "https://github.com/hashicorp/consul/pull/8047", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/pull/8047" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12797", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12797" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584346?format=api", "purl": "pkg:deb/debian/consul@1.7.4%2Bdfsg1-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.7.4%252Bdfsg1-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/583644?format=api", "purl": "pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2020-12797", "GHSA-hwqm-x785-qh8p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-th2f-96u1-syhg" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.7.4%252Bdfsg1-1%3Fdistro=bullseye" }