CVE-2020-27195: Use After Free in HashiCorp Nomad

February 15, 2022 (updated October 2, 2023)

HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6

References

github.com/advisories/GHSA-77cr-6gr8-7rr9
github.com/hashicorp/nomad/blob/master/CHANGELOG.md
github.com/hashicorp/nomad/issues/9129
github.com/hashicorp/nomad/pull/9139
nvd.nist.gov/vuln/detail/CVE-2020-27195
www.nomadproject.io/downloads

Code Behaviors & Features

Detect and mitigate CVE-2020-27195 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →