diff --git a/advisories/github-reviewed/2024/07/GHSA-5mqx-rpxv-mvxj/GHSA-5mqx-rpxv-mvxj.json b/advisories/github-reviewed/2024/07/GHSA-5mqx-rpxv-mvxj/GHSA-5mqx-rpxv-mvxj.json index 76498473bc5cf..f3c5767522e88 100644 --- a/advisories/github-reviewed/2024/07/GHSA-5mqx-rpxv-mvxj/GHSA-5mqx-rpxv-mvxj.json +++ b/advisories/github-reviewed/2024/07/GHSA-5mqx-rpxv-mvxj/GHSA-5mqx-rpxv-mvxj.json @@ -1,13 +1,13 @@ { "schema_version": "1.4.0", "id": "GHSA-5mqx-rpxv-mvxj", - "modified": "2026-01-05T14:59:35Z", + "modified": "2026-01-05T14:59:36Z", "published": "2024-07-23T03:30:33Z", "aliases": [ "CVE-2024-6717" ], "summary": "HashiCorp Nomad is vulnerable to path escape through archive unpacking during migration", - "details": "HashiCorp Nomad versions up to 1.11.1, and Nomad Enterprise versions 1.6.12 up to 1.7.9 and 1.8.1, are vulnerable to path escaping of the allocation directory during archive unpacking in migration. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.11.1 and Nomad Enterprise 1.6.13, 1.7.10, and 1.8.2.", + "details": "HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.", "severity": [ { "type": "CVSS_V3", @@ -28,7 +28,45 @@ "introduced": "0" }, { - "fixed": "1.11.1" + "fixed": "1.6.13" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Go", + "name": "github.com/hashicorp/nomad" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.7.10" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Go", + "name": "github.com/hashicorp/nomad" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.8.2" } ] }