{"id":"CVE-2022-41606","details":"HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0.","aliases":["GHSA-7v3g-4878-5qrf","GO-2022-1062"],"modified":"2026-04-10T04:51:25.700154Z","published":"2022-10-12T00:15:10.537Z","references":[{"type":"ADVISORY","url":"https://discuss.hashicorp.com"},{"type":"ADVISORY","url":"https://discuss.hashicorp.com/t/hcsec-2022-22-nomad-panics-on-job-submission-with-bad-artifact-stanza-source-url/45420"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hashicorp/nomad","events":[{"introduced":"fff533a3fefe848b6997f56855327f653e4ec491"},{"fixed":"6892b138959f03d2fcc02975b61c24c297b360bb"},{"introduced":"fff533a3fefe848b6997f56855327f653e4ec491"},{"fixed":"6892b138959f03d2fcc02975b61c24c297b360bb"},{"introduced":"52e95d64113e01be05d585d8b4c07f6f19efebbc"},{"fixed":"3076d2b2f087cbcffd54cdcdd0e60bacad2cc6f5"},{"introduced":"52e95d64113e01be05d585d8b4c07f6f19efebbc"},{"fixed":"3076d2b2f087cbcffd54cdcdd0e60bacad2cc6f5"}],"database_specific":{"versions":[{"introduced":"1.0.2"},{"fixed":"1.2.13"},{"introduced":"1.0.2"},{"fixed":"1.2.13"},{"introduced":"1.3.0"},{"fixed":"1.3.6"},{"introduced":"1.3.0"},{"fixed":"1.3.6"}]}}],"versions":["v1.3.0","v1.3.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41606.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}