Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability
Moderate severity
GitHub Reviewed
Published
Oct 31, 2024
to the GitHub Advisory Database
•
Updated Nov 8, 2024
Package
Affected versions
>= 1.9.0, < 1.20.1
Patched versions
1.20.1
Description
Published by the National Vulnerability Database
Oct 30, 2024
Published to the GitHub Advisory Database
Oct 31, 2024
Reviewed
Oct 31, 2024
Last updated
Nov 8, 2024
A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.
References