VYPR
Moderate severityNVD Advisory· Published Feb 16, 2023· Updated Mar 18, 2025

Nomad Client Vulnerable to Decompression Bombs in Artifact Block

CVE-2023-0821

Description

HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/hashicorp/nomadGo
>= 1.2.15, < 1.2.161.2.16
github.com/hashicorp/nomadGo
>= 1.3.0, < 1.3.91.3.9
github.com/hashicorp/nomadGo
>= 1.4.0, < 1.4.41.4.4

Affected products

3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.