[pkg-go] Bug#1034841: consul: CVE-2021-41803

Moritz Mühlenhoff jmm at inutil.org
Tue Apr 25 19:55:33 BST 2023

Source: consul
X-Debbugs-CC: team at security.debian.org
Severity: grave
Tags: security


The following vulnerability was published for consul.

| HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not
| properly validate the node or segment names prior to interpolation and
| usage in JWT claim assertions with the auto config RPC. Fixed in
| 1.11.9, 1.12.5, and 1.13.2."


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-41803

Please adjust the affected versions in the BTS as needed.

More information about the Pkg-go-maintainers mailing list