2 matches found
Consul Exposed to Denial of Service in GoGo Protobuf Dependency
Summary Consul and Consul Enterprise “Consul” were vulnerable to denial of service due to a flaw in the gogo/protobuf module used for Consul’s protocol buffer support. This vulnerability, CVE-2021-3121, was addressed in Consul and Consul Enterprise 1.8.15, 1.9.9 and 1.10.2. Background Consul has ...
Consul DNS and HTTP Cache Abuse Denial of Service
Summary Consul and Consul Enterprise include an HTTP API introduced in 1.2.0 and DNS introduced in 1.4.3 caching feature that was vulnerable to denial of service. This vulnerability, CVE-2020-13250, was fixed in Consul 1.6.6 and 1.7.4. Background Consul 1.2.0 introduced an agent cache to ease...