Hashicorp Consul Cross-site Scripting vulnerability
Moderate severity
GitHub Reviewed
Published
Oct 31, 2024
to the GitHub Advisory Database
•
Updated Nov 4, 2024
Package
Affected versions
>= 1.4.1, < 1.20.0
Patched versions
1.20.0
Description
Published by the National Vulnerability Database
Oct 30, 2024
Published to the GitHub Advisory Database
Oct 31, 2024
Reviewed
Oct 31, 2024
Last updated
Nov 4, 2024
A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.
References