{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T11:44:38.742","vulnerabilities":[{"cve":{"id":"CVE-2023-0821","sourceIdentifier":"security@hashicorp.com","published":"2023-02-16T22:15:11.097","lastModified":"2024-11-21T07:37:54.133","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4."},{"lang":"es","value":"Los trabajos de HashiCorp Nomad y Nomad Enterprise 1.2.15 hasta 1.3.8 y 1.4.3 que utilizan una fuente de stanza de artefacto comprimida de forma maliciosa pueden causar un uso excesivo del disco. Corregido en 1.2.16, 1.3.9 y 1.4.4."}],"metrics":{"cvssMetricV31":[{"source":"security@hashicorp.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@hashicorp.com","type":"Secondary","description":[{"lang":"en","value":"CWE-409"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:*","versionEndExcluding":"1.2.15","matchCriteriaId":"98DF3B6E-1C27-4843-BB28-1FA3AB012431"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*","versionEndExcluding":"1.2.15","matchCriteriaId":"F82F9A88-E6D7-4255-904B-2D7AA1C840D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:*","versionStartIncluding":"1.3.0","versionEndExcluding":"1.3.9","matchCriteriaId":"64FB8A46-BF26-460F-87E7-9FF51A9E3951"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.3.0","versionEndExcluding":"1.3.9","matchCriteriaId":"9120A20A-0F48-4402-A281-820CD0D9D295"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:*","versionStartIncluding":"1.4.0","versionEndExcluding":"1.4.4","matchCriteriaId":"345CB160-3D34-4F84-8957-91BD1103D89F"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.4.0","versionEndExcluding":"1.4.4","matchCriteriaId":"9A6D8426-DD9C-4142-B55C-5C3263DAA62A"}]}]}],"references":[{"url":"https://discuss.hashicorp.com/t/hcsec-2023-05-nomad-client-vulnerable-to-decompression-bombs-in-artifact-block/50292","source":"security@hashicorp.com","tags":["Vendor Advisory"]},{"url":"https://discuss.hashicorp.com/t/hcsec-2023-05-nomad-client-vulnerable-to-decompression-bombs-in-artifact-block/50292","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}