{"id":"CVE-2020-27195","details":"HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6","aliases":["GHSA-77cr-6gr8-7rr9","GO-2022-0806"],"modified":"2026-04-10T04:25:34.730455Z","published":"2020-10-22T17:15:12.597Z","references":[{"type":"WEB","url":"https://www.nomadproject.io/downloads"},{"type":"ADVISORY","url":"https://github.com/hashicorp/nomad/blob/master/CHANGELOG.md#0126-october-21-2020"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hashicorp/nomad","events":[{"introduced":"d77075ff2053cd2e23b6a0f8b09cd43424bed792"},{"last_affected":"fce99f12a297c9f83160450bc632611877e07873"},{"introduced":"d77075ff2053cd2e23b6a0f8b09cd43424bed792"},{"last_affected":"fce99f12a297c9f83160450bc632611877e07873"},{"introduced":"ca5cd15eeffd40b68043c94eefff1ec7e6dc703f"},{"last_affected":"3c6abec8d4a5c1af96ac3e1910a90949390dea19"},{"introduced":"ca5cd15eeffd40b68043c94eefff1ec7e6dc703f"},{"last_affected":"3c6abec8d4a5c1af96ac3e1910a90949390dea19"},{"introduced":"b1aa9e2166e72b75d7e0ed39ff456393beb0f421"},{"last_affected":"ec7bf9de21bfe3623ff04b009f26aaf488bae2b1"},{"introduced":"b1aa9e2166e72b75d7e0ed39ff456393beb0f421"},{"last_affected":"ec7bf9de21bfe3623ff04b009f26aaf488bae2b1"}],"database_specific":{"versions":[{"introduced":"0.9.0"},{"last_affected":"0.10.5"},{"introduced":"0.9.0"},{"last_affected":"0.10.5"},{"introduced":"0.11.0"},{"last_affected":"0.11.4"},{"introduced":"0.11.0"},{"last_affected":"0.11.4"},{"introduced":"0.12.0"},{"last_affected":"0.12.5"},{"introduced":"0.12.0"},{"last_affected":"0.12.5"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27195.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}