CVE-2020-13250
Allocation of Resources Without Limits or Throttling in HashiCorp Consul in github.com/hashicorp/consul
CVSS 3.1: 7.5 (HIGH)
EPSS 0.87%
Description
HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4.
How to fix CVE-2020-13250
To remediate CVE-2020-13250, upgrade the affected package to a fixed version below.
- upgrade to 1.6.6 or later
- upgrade to 1.7.4+dfsg1-1 or later
- upgrade to 1.6.6 or later
- upgrade to 1.6.6 or later
Is CVE-2020-13250 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- >= 1.2.0, < 1.6.6; >= 1.7.0, < 1.7.4
- from 0, < 1.7.4+dfsg1-1
- >= 1.2.0, < 1.6.6
- >= 1.2.0, < 1.6.6; >= 1.7.0, < 1.7.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |