GHSA-27wf-5967-98gx:  Kubernetes kubelet arbitrary command execution

GHSA-mr95-vfcf-fx9p: Apache Answer: Predictable Authorization Token Using UUIDv1

GHSA-pqhp-25j4-6hq9: smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.

**Package**

gomod github.com/hashicorp/nomad (Go )

**Affected versions**

\>= 0.2.0, < 1.1.14

\>= 1.2.0, < 1.2.8

\>= 1.3.0, < 1.3.1

**Patched versions**

1.1.14

1.2.8

1.3.1

Headline

GHSA-526x-rm7j-v389: Privilege escalation in Hashicorp Nomad

Related news

ghsa: Latest News