x/vulndb: potential Go vuln in github.com/hashicorp/consul: GHSA-q6h7-4qgw-2j9p #615
Description
In GitHub Security Advisory GHSA-q6h7-4qgw-2j9p, there is a vulnerability in the following Go packages or modules:
| Unit | Fixed | Vulnerable Ranges |
|---|---|---|
| github.com/hashicorp/consul | 1.11.5 | >= 1.11.0, < 1.11.5 |
See doc/triage.md for instructions on how to triage this report.
packages:
- package: github.com/hashicorp/consul
versions:
- introduced: 1.11.0
fixed: 1.11.5
- package: github.com/hashicorp/consul
versions:
- introduced: 1.10.0
fixed: 1.10.10
- package: github.com/hashicorp/consul
versions:
- fixed: 1.9.17
description: ' A vulnerability was identified in Consul and Consul Enterprise (“Consul”)
such that HTTP health check endpoints returning an HTTP redirect may be abused
as a vector for server-side request forgery (SSRF). This vulnerability, CVE-2022-29153,
was fixed in Consul 1.9.17, 1.10.10, and 1.11.5.'
published: 2022-04-20T00:00:33Z
last_modified: 2022-06-03T21:11:19Z
cves:
- CVE-2022-29153
ghsas:
- GHSA-q6h7-4qgw-2j9p
links:
context:
- https://github.com/advisories/GHSA-q6h7-4qgw-2j9p