New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

x/vulndb: potential Go vuln in github.com/hashicorp/consul: GHSA-8h2g-r292-j8xh #1287

Closed

GoVulnBot opened this issue Jan 7, 2023 · 1 comment

Labels

GoVulnBot commented Jan 7, 2023

In GitHub Security Advisory GHSA-8h2g-r292-j8xh, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/hashicorp/consul	1.10.1	< 1.10.1

Cross references:

CVE-2021-36213 appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/consul: CVE-2021-36213, GHSA-8h2g-r292-j8xh #895 NOT_IMPORTABLE
GHSA-8h2g-r292-j8xh appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/consul: CVE-2021-36213, GHSA-8h2g-r292-j8xh #895 NOT_IMPORTABLE

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: TODO
    versions:
      - fixed: 1.10.1
    packages:
      - package: github.com/hashicorp/consul
description: In HashiCorp Consul before 1.10.1 (and Consul Enterprise), xds can generate
    a situation where a single L7 deny intention (with a default deny policy) results
    in an allow action.
cves:
  - CVE-2021-36213
ghsas:
  - GHSA-8h2g-r292-j8xh

The text was updated successfully, but these errors were encountered:

Contributor

tatianab commented Jan 9, 2023

Duplicate of #895

tatianab added the duplicate label

tatianab closed this as completed

# for free to join this conversation on GitHub. Already have an account? # to comment