CVE-2020-7218Allocation of Resources Without Limits or Throttling in Hashicorp Nomad

CWE-770Allocation of Resources Without Limits or ThrottlingCWE-400Uncontrolled Resource Consumption9 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.8%
top 26.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Github.com Hashicorp NomadHashicorp Nomad
Timeline
PublishedJan 31
Latest updateFeb 25

Description

HashiCorp Nomad and Nonad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 0.10.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDhashicorp/nomad< 0.10.3

🔴Vulnerability Details

5
OSV
Allocation of Resources Without Limits or Throttling in HashiCorp Nomad in github.com/hashicorp/nomad2024-08-21
OSV
Allocation of Resources Without Limits or Throttling in HashiCorp Nomad2021-05-18
GHSA
Allocation of Resources Without Limits or Throttling in HashiCorp Nomad2021-05-18
CVEList
CVE-2020-7218: HashiCorp Nomad and Nonad Enterprise up to 02020-01-31
OSV
CVE-2020-7218: HashiCorp Nomad and Nonad Enterprise up to 02020-01-31

📐Framework References

2
CWE
Uncontrolled Resource Consumption
CWE
Allocation of Resources Without Limits or Throttling

📄Research Papers

1
arXiv
Predicting Known Vulnerabilities from Attack Descriptions Using Sentence Transformers2026-02-25
CVE-2020-7218 — Hashicorp Nomad vulnerability | cvebase