CVE-2022-24685: Uncontrolled Resource Consumption in github.com/hashicorp/nomad

March 1, 2022

HashiCorp Nomad and Nomad Enterprise 1.x before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 has Uncontrolled Resource Consumption.

References

discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/35561
github.com/advisories/GHSA-3382-r9q8-4hfg
nvd.nist.gov/vuln/detail/CVE-2022-24685

Detect and mitigate CVE-2022-24685 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →