HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.

Affected Packages

Go github.com/hashicorp/nomad

Affected versions: 1.2.15 (fixed in 1.2.16)

Go github.com/hashicorp/nomad

Affected versions: 1.3.0 (fixed in 1.3.9)

Go github.com/hashicorp/nomad

Affected versions: 1.4.0 (fixed in 1.4.4)

Related CVEs

CVE-2023-0821

Key Information

GHSA ID

GHSA-w479-w22g-cffh

Published

February 17, 2023 12:30 AM

Last Modified

February 28, 2023 12:05 AM

CVSS Score

5.0 /10

Primary Ecosystem

Primary Package

github.com/hashicorp/nomad

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.