HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. Fixed in 1.0.18, 1.1.12, and 1.2.6.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/hashicorp/nomad(Go) | 1.0.0 | 1.0.17 | N/A |
| github.com/hashicorp/nomad(Go) | 1.1.0 | 1.1.12 | N/A |
| github.com/hashicorp/nomad(Go) | 1.2.0 | 1.2.6 | N/A |
CVSS Metrics
