Hashicorp Consul Path Traversal vulnerability
High severity
GitHub Reviewed
Published
Oct 31, 2024
to the GitHub Advisory Database
•
Updated Nov 4, 2024
Package
Affected versions
>= 1.9.0, < 1.20.1
Patched versions
1.20.1
Description
Published by the National Vulnerability Database
Oct 30, 2024
Published to the GitHub Advisory Database
Oct 31, 2024
Reviewed
Oct 31, 2024
Last updated
Nov 4, 2024
A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.
References