CVE-2020-28348

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in go/github.com/hashicorp/nomad

Identifiers

GHSA-5x92-p4p5-33c4, CVE-2020-28348

Package Slug

go/github.com/hashicorp/nomad

Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.

Affected Versions

All versions starting from 0.9.0 before 0.12.7

Solution

Upgrade to version 0.12.7 or above.

Last Modified

2022-07-24

source