{"id":"CVE-2022-24685","details":"HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. Fixed in 1.0.18, 1.1.12, and 1.2.6.","aliases":["GHSA-3382-r9q8-4hfg","GO-2022-0577"],"modified":"2026-03-15T14:46:53.007713Z","published":"2022-02-28T14:15:08.497Z","references":[{"type":"WEB","url":"https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/"},{"type":"ADVISORY","url":"https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/35561"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220331-0007/"},{"type":"ADVISORY","url":"https://discuss.hashicorp.com"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hashicorp/nomad","events":[{"introduced":"a480eed0815c54612856d9115a34bb1d1a773e8c"},{"last_affected":"c19be8d81ba83457d627548c71570712a46e3860"},{"introduced":"a480eed0815c54612856d9115a34bb1d1a773e8c"},{"last_affected":"c19be8d81ba83457d627548c71570712a46e3860"},{"introduced":"f99f1e27bb66bee36a1f3cdf00335e81e93ffff2"},{"fixed":"8469293aa07056a0f8682e76716e12f0178fe4c8"},{"introduced":"f99f1e27bb66bee36a1f3cdf00335e81e93ffff2"},{"fixed":"8469293aa07056a0f8682e76716e12f0178fe4c8"},{"introduced":"bee0c3e04eb4ce34b8ac22ff27fcb421a9dccec5"},{"fixed":"95514d569610f15ce49b4a7a1a6bfd3e7b3e7b4f"},{"introduced":"bee0c3e04eb4ce34b8ac22ff27fcb421a9dccec5"},{"fixed":"95514d569610f15ce49b4a7a1a6bfd3e7b3e7b4f"}],"database_specific":{"versions":[{"introduced":"1.0.0"},{"last_affected":"1.0.17"},{"introduced":"1.0.0"},{"last_affected":"1.0.17"},{"introduced":"1.1.0"},{"fixed":"1.1.12"},{"introduced":"1.1.0"},{"fixed":"1.1.12"},{"introduced":"1.2.0"},{"fixed":"1.2.6"},{"introduced":"1.2.0"},{"fixed":"1.2.6"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24685.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}