
Commit 76228ba

1 parent 0e1caec commit 76228ba


3 files changed

+92
-10
lines changed


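--- a/advisories/unreviewed/2025/10/GHSA-7g3r-8c6v-hfmr/GHSA-7g3r-8c6v-hfmr.json
+++ b/advisories/github-reviewed/2025/10/GHSA-7g3r-8c6v-hfmr/GHSA-7g3r-8c6v-hfmr.json
@@ -1,36 +1,73 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-7g3r-8c6v-hfmr",
-"modified": "2025-10-28T21:30:33Z",
+"modified": "2025-10-29T15:40:04Z",
 "published": "2025-10-28T21:30:33Z",
 "aliases": [
 "CVE-2025-11374"
 ],
+"summary": "Consul key/value endpoint is vulnerable to denial of service",
 "details": "Consul and Consul Enterprise’s (“Consul”) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.",
 "severity": [
 {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
 }
 ],
-"affected": [],
+"affected": [
+{
+"package": {
+"ecosystem": "Go",
+"name": "github.com/hashicorp/consul"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "1.22.0"
+}
+]
+}
+]
+}
+],
 "references": [
 {
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11374"
 },
+{
+"type": "WEB",
+"url": "https://github.com/hashicorp/consul/pull/22916"
+},
+{
+"type": "WEB",
+"url": "https://github.com/hashicorp/consul/commit/72a358cd02533477536ad4bd2b781f520fa7fac6"
+},
 {
 "type": "WEB",
 "url": "https://discuss.hashicorp.com/t/hcsec-2025-29-consuls-kv-endpoint-is-vulnerable-to-denial-of-service/76724"
+},
+{
+"type": "PACKAGE",
+"url": "https://github.com/hashicorp/consul"
+},
+{
+"type": "WEB",
+"url": "https://github.com/hashicorp/consul/releases/tag/v1.22.0"
 }
 ],
 "database_specific": {
 "cwe_ids": [
 "CWE-770"
 ],
 "severity": "MODERATE",
-"github_reviewed": false,
-"github_reviewed_at": null,
+"github_reviewed": true,
+"github_reviewed_at": "2025-10-29T15:40:04Z",
 "nvd_published_at": "2025-10-28T21:15:37Z"
 }
 }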
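Review bot: The `affected` range (`"introduced": "0"` to `"fixed": "1.22.0"`) marks every version below 1.22.0 as vulnerable, yet the `details` string in the same record names Consul Enterprise fixes in 1.21.6, 1.20.8 and 1.18.12, so the two disagree for anyone reading the record by version alone. Tooling that matches a deployed Enterprise version against this range would keep reporting those patched lines, and the record does not say the range is scoped to the Community Edition module (presumably because Enterprise builds are not published under `github.com/hashicorp/consul`; worth confirming). I would make that scope explicit by appending to `details` a sentence such as `The affected range applies to the Community Edition Go module; Enterprise deployments should be checked against the Enterprise releases listed here.` The same range and the same gap appear in GHSA-qh7p-pfq3-677h later in this commit.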

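--- a/advisories/github-reviewed/2025/10/GHSA-j4vr-pcmw-hx59/GHSA-j4vr-pcmw-hx59.json
+++ b/advisories/github-reviewed/2025/10/GHSA-j4vr-pcmw-hx59/GHSA-j4vr-pcmw-hx59.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-j4vr-pcmw-hx59",
-"modified": "2025-10-24T15:06:51Z",
+"modified": "2025-10-29T15:42:32Z",
 "published": "2025-10-24T15:06:51Z",
 "aliases": [
 "CVE-2023-32199"
@@ -40,10 +40,18 @@
 "type": "WEB",
 "url": "https://github.com/rancher/rancher/security/advisories/GHSA-j4vr-pcmw-hx59"
 },
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32199"
+},
 {
 "type": "WEB",
 "url": "https://github.com/rancher/rancher/pull/52303"
 },
+{
+"type": "WEB",
+"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32199"
+},
 {
 "type": "PACKAGE",
 "url": "https://github.com/rancher/rancher"
@@ -56,6 +64,6 @@
 "severity": "MODERATE",
 "github_reviewed": true,
 "github_reviewed_at": "2025-10-24T15:06:51Z",
-"nvd_published_at": null
+"nvd_published_at": "2025-10-29T15:15:40Z"
 }
 }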

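--- a/advisories/unreviewed/2025/10/GHSA-qh7p-pfq3-677h/GHSA-qh7p-pfq3-677h.json
+++ b/advisories/github-reviewed/2025/10/GHSA-qh7p-pfq3-677h/GHSA-qh7p-pfq3-677h.json
@@ -1,36 +1,73 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-qh7p-pfq3-677h",
-"modified": "2025-10-28T21:30:33Z",
+"modified": "2025-10-29T15:40:11Z",
 "published": "2025-10-28T21:30:33Z",
 "aliases": [
 "CVE-2025-11375"
 ],
+"summary": "Consul event endpoint is vulnerable to denial of service",
 "details": "Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.",
 "severity": [
 {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
 }
 ],
-"affected": [],
+"affected": [
+{
+"package": {
+"ecosystem": "Go",
+"name": "github.com/hashicorp/consul"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "1.22.0"
+}
+]
+}
+]
+}
+],
 "references": [
 {
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11375"
 },
+{
+"type": "WEB",
+"url": "https://github.com/hashicorp/consul/pull/22836"
+},
+{
+"type": "WEB",
+"url": "https://github.com/hashicorp/consul/commit/e794201d0c618333d81ad775270f7b32801178fb"
+},
 {
 "type": "WEB",
 "url": "https://discuss.hashicorp.com/t/hcsec-2025-28-consuls-event-endpoint-is-vulnerable-to-denial-of-service/76723"
+},
+{
+"type": "PACKAGE",
+"url": "https://github.com/hashicorp/consul"
+},
+{
+"type": "WEB",
+"url": "https://github.com/hashicorp/consul/releases/tag/v1.22.0"
 }
 ],
 "database_specific": {
 "cwe_ids": [
 "CWE-770"
 ],
 "severity": "MODERATE",
-"github_reviewed": false,
-"github_reviewed_at": null,
+"github_reviewed": true,
+"github_reviewed_at": "2025-10-29T15:40:11Z",
 "nvd_published_at": "2025-10-28T21:15:37Z"
 }
 }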
