Vulnerability CVE-2020-10661 Consul template v0.27.2

abhip · March 23, 2022, 9:03pm

Hi

When we install Consul template v0.27.2 , the scanner in our environment complains about CVE-2020-10661, which comes from github.com/hashicorp/vault/api. I see that this was fixed in the vault vault/CHANGELOG.md at main · hashicorp/vault · GitHub however the api or sdk is updated, How do we fix or update the version.

eikenb · March 23, 2022, 9:21pm

That CVE is about Vault itself, not the API or SDK. So no actions are required for tools that use the API or SDK. Updating Vault fixes the issue.

Hope this helps. Thanks for using consul-template!