FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Consul -- Multiple vulnerabilities

Affected packages
consul < 1.9.5

Details

VuXML ID 093a6baf-9f99-11eb-b150-000c292ee6b8
Discovery 2021-04-15
Entry 2021-04-17

Hashicorp reports:

Add content-type headers to raw KV responses to prevent XSS attacks (CVE-2020-25864). audit-logging: Parse endpoint URL to prevent requests from bypassing the audit log (CVE-2021-28156).

References

CVE Name CVE-2020-25864
CVE Name CVE-2021-28156
URL https://github.com/hashicorp/consul/releases/tag/v1.9.5