Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/79243?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/79243?format=api", "purl": "pkg:ebuild/app-admin/consul@1.9.17", "type": "ebuild", "namespace": "app-admin", "name": "consul", "version": "1.9.17", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.15.10", "latest_non_vulnerable_version": "1.15.10", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43435?format=api", "vulnerability_id": "VCID-65ru-yj23-qqbr", "summary": "HashiCorp Consul L7 deny intention results in an allow action\nIn HashiCorp Consul before 1.10.1 (and Consul Enterprise), xds can generate a situation where a single L7 deny intention (with a default deny policy) results in an allow action.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36213", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00765", "scoring_system": "epss", "scoring_elements": "0.73545", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00765", "scoring_system": "epss", "scoring_elements": "0.73437", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00765", "scoring_system": "epss", "scoring_elements": "0.73461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00765", "scoring_system": "epss", "scoring_elements": "0.7344", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00765", "scoring_system": "epss", "scoring_elements": "0.73433", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00765", "scoring_system": "epss", "scoring_elements": "0.73475", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00765", "scoring_system": "epss", "scoring_elements": "0.73484", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00765", "scoring_system": "epss", "scoring_elements": "0.73478", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00765", "scoring_system": "epss", "scoring_elements": "0.73511", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00765", "scoring_system": "epss", "scoring_elements": "0.73522", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00765", "scoring_system": "epss", "scoring_elements": "0.7352", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00765", "scoring_system": "epss", "scoring_elements": "0.73514", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00765", "scoring_system": "epss", "scoring_elements": "0.73539", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00765", "scoring_system": "epss", "scoring_elements": "0.73562", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00765", "scoring_system": "epss", "scoring_elements": "0.73383", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00765", "scoring_system": "epss", "scoring_elements": "0.73392", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00765", "scoring_system": "epss", "scoring_elements": "0.73414", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00765", "scoring_system": "epss", "scoring_elements": "0.73387", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00765", "scoring_system": "epss", "scoring_elements": "0.73424", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36213" }, { "reference_url": "https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855" }, { "reference_url": "https://github.com/hashicorp/consul", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul" }, { "reference_url": "https://github.com/hashicorp/consul/releases/tag/v1.10.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/releases/tag/v1.10.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36213", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36213" }, { "reference_url": "https://security.gentoo.org/glsa/202208-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202208-09" }, { "reference_url": "https://www.hashicorp.com/blog/category/consul", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.hashicorp.com/blog/category/consul" }, { "reference_url": "https://security.archlinux.org/ASA-202107-69", "reference_id": "ASA-202107-69", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-69" }, { "reference_url": "https://security.archlinux.org/AVG-2171", "reference_id": "AVG-2171", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2171" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79243?format=api", "purl": "pkg:ebuild/app-admin/consul@1.9.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/consul@1.9.17" } ], "aliases": [ "CVE-2021-36213", "GHSA-8h2g-r292-j8xh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-65ru-yj23-qqbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51526?format=api", "vulnerability_id": "VCID-ftvt-9nb3-xue3", "summary": "Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25864.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25864.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25864", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.8334", "scoring_system": "epss", "scoring_elements": "0.99285", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.8334", "scoring_system": "epss", "scoring_elements": "0.99283", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.8334", "scoring_system": "epss", "scoring_elements": "0.99282", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.8334", "scoring_system": "epss", "scoring_elements": "0.9928", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.8334", "scoring_system": "epss", "scoring_elements": "0.99277", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.8334", "scoring_system": "epss", "scoring_elements": "0.99276", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.8334", "scoring_system": "epss", "scoring_elements": "0.99275", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.8334", "scoring_system": "epss", "scoring_elements": "0.99273", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.8334", "scoring_system": "epss", "scoring_elements": "0.99274", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.84021", "scoring_system": "epss", "scoring_elements": "0.99301", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.84021", "scoring_system": "epss", "scoring_elements": "0.99298", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.84021", "scoring_system": "epss", "scoring_elements": "0.99304", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.84021", "scoring_system": "epss", "scoring_elements": "0.99305", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.84021", "scoring_system": "epss", "scoring_elements": "0.99306", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25864" }, { "reference_url": "https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368" }, { "reference_url": "https://github.com/hashicorp/consul", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25864", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25864" }, { "reference_url": "https://security.gentoo.org/glsa/202208-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202208-09" }, { "reference_url": "https://www.hashicorp.com/blog/category/consul", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.hashicorp.com/blog/category/consul" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950275", "reference_id": "1950275", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950275" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987351", "reference_id": "987351", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987351" }, { "reference_url": "https://security.archlinux.org/AVG-1829", "reference_id": "AVG-1829", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1829" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79243?format=api", "purl": "pkg:ebuild/app-admin/consul@1.9.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/consul@1.9.17" } ], "aliases": [ "CVE-2020-25864", "GHSA-8xmx-h8rq-h94j" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ftvt-9nb3-xue3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14168?format=api", "vulnerability_id": "VCID-gsqu-g2y4-a7ap", "summary": "Privilege Escalation in HashiCorp Consul\nHashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28053", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49016", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49088", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.4906", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49067", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49112", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49109", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49077", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49063", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49073", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49029", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.48949", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49012", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.4904", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.48987", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49004", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49039", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49068", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49021", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49075", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49071", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28053" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28053", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28053" }, { "reference_url": "https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#186-november-19-2020", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#186-november-19-2020" }, { "reference_url": "https://github.com/hashicorp/consul/commit/ff5215d882ac51b49c2647aac46b42aa9c890ce3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/commit/ff5215d882ac51b49c2647aac46b42aa9c890ce3" }, { "reference_url": "https://github.com/hashicorp/consul/pull/9240", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/pull/9240" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28053", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28053" }, { "reference_url": "https://security.gentoo.org/glsa/202208-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202208-09" }, { "reference_url": "https://www.hashicorp.com/blog/category/consul", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.hashicorp.com/blog/category/consul" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975584", "reference_id": "975584", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975584" }, { "reference_url": "https://security.archlinux.org/AVG-1294", "reference_id": "AVG-1294", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1294" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79243?format=api", "purl": "pkg:ebuild/app-admin/consul@1.9.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/consul@1.9.17" } ], "aliases": [ "CVE-2020-28053", "GHSA-6m72-467w-94rh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gsqu-g2y4-a7ap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43493?format=api", "vulnerability_id": "VCID-jfzf-ynb1-23bs", "summary": "Hashicorp Consul Missing SSL Certificate Validation\nHashiCorp Consul before 1.10.1 (and Consul Enterprise) has Missing SSL Certificate Validation. xds does not ensure that the Subject Alternative Name of an upstream is validated.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32574", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74196", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74093", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74086", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74125", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74134", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74124", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.7416", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74168", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74161", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74188", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74211", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74173", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74039", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74045", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.7407", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74042", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74075", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74089", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74111", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32574" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32574", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32574" }, { "reference_url": "https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856" }, { "reference_url": "https://github.com/hashicorp/consul/releases/tag/v1.10.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/releases/tag/v1.10.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32574", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32574" }, { "reference_url": "https://security.gentoo.org/glsa/202208-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202208-09" }, { "reference_url": "https://www.hashicorp.com/blog/category/consul", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.hashicorp.com/blog/category/consul" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991719", "reference_id": "991719", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991719" }, { "reference_url": "https://security.archlinux.org/ASA-202107-69", "reference_id": "ASA-202107-69", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-69" }, { "reference_url": "https://security.archlinux.org/AVG-2171", "reference_id": "AVG-2171", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2171" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79243?format=api", "purl": "pkg:ebuild/app-admin/consul@1.9.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/consul@1.9.17" } ], "aliases": [ "CVE-2021-32574", "GHSA-25gf-8qrr-g78r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jfzf-ynb1-23bs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51529?format=api", "vulnerability_id": "VCID-met8-vmhb-cueu", "summary": "Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29153.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29153.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29153", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.87755", "scoring_system": "epss", "scoring_elements": "0.9948", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.87755", "scoring_system": "epss", "scoring_elements": "0.99466", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.87755", "scoring_system": "epss", "scoring_elements": "0.99474", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.87755", "scoring_system": "epss", "scoring_elements": "0.99473", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.87755", "scoring_system": "epss", "scoring_elements": "0.9947", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.87755", "scoring_system": "epss", "scoring_elements": "0.99469", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.87755", "scoring_system": "epss", "scoring_elements": "0.99468", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.87755", "scoring_system": "epss", "scoring_elements": "0.99463", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.87755", "scoring_system": "epss", "scoring_elements": "0.99465", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.87755", "scoring_system": "epss", "scoring_elements": "0.99478", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.87755", "scoring_system": "epss", "scoring_elements": "0.99477", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.87755", "scoring_system": "epss", "scoring_elements": "0.99476", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.87755", "scoring_system": "epss", "scoring_elements": "0.99475", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29153" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29153", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29153" }, { "reference_url": "https://discuss.hashicorp.com", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.hashicorp.com" }, { "reference_url": "https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery" }, { "reference_url": "https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393" }, { "reference_url": "https://github.com/hashicorp/consul", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29153", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29153" }, { "reference_url": "https://security.gentoo.org/glsa/202208-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202208-09" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220602-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220602-0005" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017982", "reference_id": "1017982", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017982" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134570", "reference_id": "2134570", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134570" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79243?format=api", "purl": "pkg:ebuild/app-admin/consul@1.9.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/consul@1.9.17" } ], "aliases": [ "CVE-2022-29153", "GHSA-q6h7-4qgw-2j9p" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-met8-vmhb-cueu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14476?format=api", "vulnerability_id": "VCID-mv9z-hxmr-skfp", "summary": "Denial of service in HashiCorp Consul\nHashiCorp Consul Enterprise versions 1.7.0 up to 1.7.8 and 1.8.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81525", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81401", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81388", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.8138", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81417", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81418", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81419", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81441", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81448", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81453", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.8147", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.8149", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81511", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81508", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81316", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81325", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81347", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81346", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81374", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81379", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25201" }, { "reference_url": "https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020" }, { "reference_url": "https://github.com/hashicorp/consul/pull/9024", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/pull/9024" }, { "reference_url": "https://github.com/hashicorp/consul/releases/tag/v1.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/releases/tag/v1.8.5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25201", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25201" }, { "reference_url": "https://security.gentoo.org/glsa/202208-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202208-09" }, { "reference_url": "https://www.hashicorp.com/blog/category/consul", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.hashicorp.com/blog/category/consul" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973892", "reference_id": "973892", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973892" }, { "reference_url": "https://security.archlinux.org/AVG-1295", "reference_id": "AVG-1295", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1295" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79243?format=api", "purl": "pkg:ebuild/app-admin/consul@1.9.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/consul@1.9.17" } ], "aliases": [ "CVE-2020-25201", "GHSA-496g-fr33-whrf" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mv9z-hxmr-skfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51527?format=api", "vulnerability_id": "VCID-tfrv-ak5x-5qg7", "summary": "Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28156.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28156.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28156", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63899", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63855", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63904", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63872", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63789", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63746", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63798", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63815", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63828", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63814", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63781", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63816", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63826", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63813", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.6383", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63842", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.6384", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63812", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01279", "scoring_system": "epss", "scoring_elements": "0.79527", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01279", "scoring_system": "epss", "scoring_elements": "0.7952", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28156" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950492", "reference_id": "1950492", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950492" }, { "reference_url": "https://security.archlinux.org/AVG-1830", "reference_id": "AVG-1830", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1830" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79243?format=api", "purl": "pkg:ebuild/app-admin/consul@1.9.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/consul@1.9.17" } ], "aliases": [ "CVE-2021-28156" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tfrv-ak5x-5qg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35722?format=api", "vulnerability_id": "VCID-tgcs-1brz-6yf4", "summary": "HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-38698", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68546", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68453", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68441", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68408", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68446", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.6846", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68438", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68486", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68491", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68497", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68475", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68517", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68554", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.6852", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68343", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68363", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68382", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68359", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.6841", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68427", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-38698" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38698", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38698" }, { "reference_url": "https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026" }, { "reference_url": "https://github.com/hashicorp/consul", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul" }, { "reference_url": "https://github.com/hashicorp/consul/pull/10824", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/pull/10824" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38698", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38698" }, { "reference_url": "https://security.gentoo.org/glsa/202208-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202208-09" }, { "reference_url": "https://www.hashicorp.com/blog/category/consul", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.hashicorp.com/blog/category/consul" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015218", "reference_id": "1015218", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015218" }, { "reference_url": "https://security.archlinux.org/AVG-2360", "reference_id": "AVG-2360", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2360" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79243?format=api", "purl": "pkg:ebuild/app-admin/consul@1.9.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/consul@1.9.17" } ], "aliases": [ "CVE-2021-38698", "GHSA-6hw5-6gcx-phmw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tgcs-1brz-6yf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51528?format=api", "vulnerability_id": "VCID-ysg6-921d-d7fe", "summary": "Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24687", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.7062", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70515", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.705", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70486", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70529", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70537", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70516", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70567", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70576", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70549", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.7059", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70622", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70592", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70436", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70454", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70431", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70476", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70492", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24687" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24687", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24687" }, { "reference_url": "https://discuss.hashicorp.com", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.hashicorp.com" }, { "reference_url": "https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers" }, { "reference_url": "https://github.com/hashicorp/consul", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24687", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24687" }, { "reference_url": "https://security.gentoo.org/glsa/202208-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202208-09" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220331-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220331-0006" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006487", "reference_id": "1006487", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006487" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79243?format=api", "purl": "pkg:ebuild/app-admin/consul@1.9.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/consul@1.9.17" } ], "aliases": [ "CVE-2022-24687", "GHSA-hj93-5fg3-3chr" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ysg6-921d-d7fe" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/consul@1.9.17" }