CVE-2021-32575: Improper network isolation in Hashicorp Nomad

June 24, 2021

HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.

References

github.com/advisories/GHSA-vf6q-9f2f-mwhv
nvd.nist.gov/vuln/detail/CVE-2021-32575

Detect and mitigate CVE-2021-32575 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →