[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-10006":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":43,"aliases":44,"duplicate_of":9,"upstream":48,"downstream":49,"duplicates":60,"related":61,"reserved_at":9,"published_at":71,"modified_at":72,"state":73,"summary":74,"references_raw":83,"kevs":123,"epss":124,"epss_history":127,"metrics":389,"affected":406},"CVE-2024-10006","A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.",null,[11,20],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-644","Improper Neutralization of HTTP Headers for Scripting Syntax","The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.","weakness","Incomplete","Variant","High",[],{"_key":21,"id":21,"name":22,"description":23,"type":15,"status":24,"abstraction":25,"likelihood_of_exploit":18,"capec":26},"CWE-116","Improper Encoding or Escaping of Output","The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.","Draft","Class",[27,31,35,39],{"id":28,"name":29,"techniques":30},"CAPEC-104","Cross Zone Scripting",[],{"id":32,"name":33,"techniques":34},"CAPEC-73","User-Controlled Filename",[],{"id":36,"name":37,"techniques":38},"CAPEC-81","Web Server Logs Tampering",[],{"id":40,"name":41,"techniques":42},"CAPEC-85","AJAX Footprinting",[],[],[45,46,47],"GHSA-5c4w-8hhh-3c3h","BIT-consul-2024-10006","GO-2024-3241",[],[50,52,54,56,58],{"_key":51},"UBUNTU-CVE-2024-10006",{"_key":53},"OPENSUSE-SU-2024:0350-1",{"_key":55},"SUSE-SU-2024:3950-1",{"_key":57},"OPENSUSE-SU-2024:14458-1",{"_key":59},"DEBIAN-CVE-2024-10006",[],[62,63,64,65,67,69],{"_key":53},{"_key":55},{"_key":57},{"_key":66},"CGA-P4F2-PFJ8-379F",{"_key":68},"CGA-QVMG-MX92-49X9",{"_key":70},"CGA-PCG4-47FF-WFQV","2024-10-30T21:20:37.011Z","2025-01-10T13:06:41.296Z","Modified",{"cisa_kev":75,"cisa_ransomware":75,"cisa_vendor":9,"epss_severity":76,"epss_score":77,"severity":78,"severity_score":79,"severity_version":80,"severity_source":81,"severity_vector":82,"severity_status":73},false,"low",0.00035,"high",8.3,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",[84,92,96,101,106,110,115,119],{"url":85,"sources":86,"tags":89},"https://discuss.hashicorp.com/t/hcsec-2024-23-consul-l7-intentions-vulnerable-to-headers-bypass",[81,87,88],"nvd","osv_go",[90,91],"Vendor Advisory","WEB",{"url":93,"sources":94,"tags":95},"https://security.netapp.com/advisory/ntap-20250110-0005/",[81,87],[],{"url":97,"sources":98,"tags":99},"https://nvd.nist.gov/vuln/detail/CVE-2024-10006",[88],[100],"Advisory",{"url":102,"sources":103,"tags":104},"https://github.com/hashicorp/consul/pull/21816",[88],[91,105],"FIX",{"url":107,"sources":108,"tags":109},"https://github.com/hashicorp/consul/commit/d9206fc7e284a9244af4d62f8653a63ca30bd00c",[88],[91,105],{"url":111,"sources":112,"tags":113},"https://github.com/hashicorp/consul",[88],[114],"PACKAGE",{"url":116,"sources":117,"tags":118},"https://security.netapp.com/advisory/ntap-20250110-0005",[88],[91],{"url":120,"sources":121,"tags":122},"https://github.com/advisories/GHSA-5c4w-8hhh-3c3h",[88],[100],[],{"date":125,"score":77,"percentile":126},"2026-06-04",0.10819,[128,132,135,138,141,143,146,149,152,155,158,161,163,166,169,173,176,179,181,184,187,190,193,196,199,202,205,208,211,214,217,219,222,225,228,231,234,237,240,243,246,249,252,255,258,261,264,267,270,273,276,279,282,285,289,292,295,298,301,304,306,309,311,314,317,320,323,326,329,332,335,338,340,343,346,349,351,353,355,357,360,363,366,369,372,375,378,381,384,387],{"date":129,"score":130,"percentile":131},"2025-11-04",0.00059,0.18566,{"date":133,"score":130,"percentile":134},"2025-11-05",0.18578,{"date":136,"score":130,"percentile":137},"2025-11-06",0.18584,{"date":139,"score":130,"percentile":140},"2025-11-07",0.18602,{"date":142,"score":130,"percentile":140},"2025-11-08",{"date":144,"score":130,"percentile":145},"2025-11-09",0.18577,{"date":147,"score":130,"percentile":148},"2025-11-10",0.18537,{"date":150,"score":130,"percentile":151},"2025-11-11",0.18542,{"date":153,"score":130,"percentile":154},"2025-11-12",0.1858,{"date":156,"score":130,"percentile":157},"2025-11-13",0.18609,{"date":159,"score":130,"percentile":160},"2025-11-14",0.18596,{"date":162,"score":130,"percentile":134},"2025-11-15",{"date":164,"score":130,"percentile":165},"2025-11-16",0.18535,{"date":167,"score":130,"percentile":168},"2025-11-17",0.1846,{"date":170,"score":171,"percentile":172},"2025-11-18",0.00255,0.45498,{"date":174,"score":171,"percentile":175},"2025-11-19",0.45507,{"date":177,"score":171,"percentile":178},"2025-11-20",0.45513,{"date":180,"score":130,"percentile":168},"2025-11-21",{"date":182,"score":130,"percentile":183},"2025-11-22",0.18467,{"date":185,"score":130,"percentile":186},"2025-11-23",0.18434,{"date":188,"score":130,"percentile":189},"2025-11-24",0.18399,{"date":191,"score":130,"percentile":192},"2025-11-25",0.18387,{"date":194,"score":130,"percentile":195},"2025-11-26",0.18377,{"date":197,"score":130,"percentile":198},"2025-11-27",0.1838,{"date":200,"score":130,"percentile":201},"2025-11-28",0.18364,{"date":203,"score":130,"percentile":204},"2025-11-29",0.1834,{"date":206,"score":130,"percentile":207},"2025-11-30",0.18346,{"date":209,"score":130,"percentile":210},"2025-12-01",0.18394,{"date":212,"score":130,"percentile":213},"2025-12-02",0.18402,{"date":215,"score":130,"percentile":216},"2025-12-03",0.18413,{"date":218,"score":130,"percentile":195},"2025-12-04",{"date":220,"score":130,"percentile":221},"2025-12-05",0.18431,{"date":223,"score":130,"percentile":224},"2025-12-06",0.18428,{"date":226,"score":130,"percentile":227},"2025-12-07",0.18416,{"date":229,"score":77,"percentile":230},"2025-12-08",0.09913,{"date":232,"score":77,"percentile":233},"2025-12-09",0.09961,{"date":235,"score":77,"percentile":236},"2025-12-10",0.10034,{"date":238,"score":77,"percentile":239},"2025-12-11",0.10062,{"date":241,"score":77,"percentile":242},"2025-12-12",0.1009,{"date":244,"score":77,"percentile":245},"2025-12-13",0.10094,{"date":247,"score":77,"percentile":248},"2025-12-14",0.10084,{"date":250,"score":77,"percentile":251},"2025-12-15",0.10011,{"date":253,"score":77,"percentile":254},"2025-12-16",0.09998,{"date":256,"score":77,"percentile":257},"2025-12-17",0.10076,{"date":259,"score":77,"percentile":260},"2025-12-18",0.10129,{"date":262,"score":77,"percentile":263},"2025-12-19",0.1015,{"date":265,"score":77,"percentile":266},"2025-12-20",0.10141,{"date":268,"score":77,"percentile":269},"2025-12-21",0.10123,{"date":271,"score":77,"percentile":272},"2025-12-22",0.10098,{"date":274,"score":77,"percentile":275},"2025-12-23",0.10063,{"date":277,"score":77,"percentile":278},"2025-12-24",0.10067,{"date":280,"score":77,"percentile":281},"2025-12-25",0.10149,{"date":283,"score":77,"percentile":284},"2025-12-26",0.10144,{"date":286,"score":287,"percentile":288},"2025-12-27",0.00039,0.11752,{"date":290,"score":77,"percentile":291},"2025-12-28",0.10153,{"date":293,"score":77,"percentile":294},"2025-12-29",0.10111,{"date":296,"score":77,"percentile":297},"2025-12-30",0.10093,{"date":299,"score":77,"percentile":300},"2025-12-31",0.10146,{"date":302,"score":77,"percentile":303},"2026-01-01",0.10185,{"date":305,"score":77,"percentile":303},"2026-01-02",{"date":307,"score":77,"percentile":308},"2026-01-03",0.10154,{"date":310,"score":77,"percentile":257},"2026-01-04",{"date":312,"score":77,"percentile":313},"2026-01-05",0.10038,{"date":315,"score":77,"percentile":316},"2026-01-06",0.10033,{"date":318,"score":77,"percentile":319},"2026-01-07",0.10064,{"date":321,"score":77,"percentile":322},"2026-01-08",0.10115,{"date":324,"score":77,"percentile":325},"2026-01-09",0.10145,{"date":327,"score":77,"percentile":328},"2026-01-10",0.10173,{"date":330,"score":77,"percentile":331},"2026-01-11",0.10156,{"date":333,"score":77,"percentile":334},"2026-01-12",0.10134,{"date":336,"score":77,"percentile":337},"2026-01-13",0.10096,{"date":339,"score":77,"percentile":281},"2026-01-14",{"date":341,"score":77,"percentile":342},"2026-01-15",0.1016,{"date":344,"score":77,"percentile":345},"2026-01-16",0.10193,{"date":347,"score":77,"percentile":348},"2026-01-17",0.10211,{"date":350,"score":77,"percentile":328},"2026-01-18",{"date":352,"score":77,"percentile":269},"2026-01-19",{"date":354,"score":77,"percentile":272},"2026-01-20",{"date":356,"score":77,"percentile":319},"2026-01-21",{"date":358,"score":77,"percentile":359},"2026-01-22",0.10054,{"date":361,"score":77,"percentile":362},"2026-01-23",0.10151,{"date":364,"score":77,"percentile":365},"2026-01-24",0.10206,{"date":367,"score":77,"percentile":368},"2026-01-25",0.10164,{"date":370,"score":77,"percentile":371},"2026-01-26",0.1012,{"date":373,"score":77,"percentile":374},"2026-01-27",0.10104,{"date":376,"score":77,"percentile":377},"2026-01-28",0.10082,{"date":379,"score":77,"percentile":380},"2026-01-29",0.10058,{"date":382,"score":77,"percentile":383},"2026-01-30",0.10069,{"date":385,"score":77,"percentile":386},"2026-01-31",0.10085,{"date":388,"score":77,"percentile":245},"2026-02-01",[390,395,401],{"source":81,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":391,"cvss_v4_0":9},{"baseScore":79,"baseSeverity":392,"vectorString":82,"impactScore":393,"exploitabilityScore":394},"HIGH",6.2,10,{"source":87,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":396,"cvss_v4_0":9},{"baseScore":397,"baseSeverity":398,"vectorString":399,"impactScore":400,"exploitabilityScore":394},5.8,"MEDIUM","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",2.3,{"source":88,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":402,"cvss_v4_0":403},{"baseScore":79,"baseSeverity":9,"vectorString":82,"impactScore":393,"exploitabilityScore":394},{"baseScore":404,"baseSeverity":9,"vectorString":405,"impactScore":9,"exploitabilityScore":9},6.9,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L",[407,422,446],{"ecosystem":408,"name":409,"vendor":410,"product":411,"cpe_part":9,"purl_type":412,"purl_namespace":410,"purl_name":411,"source":9,"versions":413},"Go","github.com/hashicorp/consul","github.com/hashicorp","consul","golang",[414],{"version":415,"is_range":416,"range_type":417,"version_start":418,"version_start_type":419,"version_end":420,"version_end_type":421,"fixed_in":9},"gte1_9_0_lt1_20_1",true,"semver","1.9.0","including","1.20.1","excluding",{"ecosystem":9,"name":423,"vendor":424,"product":411,"cpe_part":425,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":426},"Consul","hashicorp","a",[427,429,433,436,440,444],{"version":428,"is_range":416,"range_type":81,"version_start":418,"version_start_type":419,"version_end":420,"version_end_type":421,"fixed_in":9},">= 1.9.0, \u003C 1.20.1",{"version":430,"is_range":416,"range_type":431,"version_start":432,"version_start_type":419,"version_end":420,"version_end_type":421,"fixed_in":9},"gte1.4.1_lt1.20.1","cpe","1.4.1",{"version":434,"is_range":416,"range_type":431,"version_start":418,"version_start_type":419,"version_end":435,"version_end_type":421,"fixed_in":9},"gte1.9.0_lt1.15.15","1.15.15",{"version":437,"is_range":416,"range_type":431,"version_start":438,"version_start_type":419,"version_end":439,"version_end_type":421,"fixed_in":9},"gte1.18.0_lt1.18.5","1.18.0","1.18.5",{"version":441,"is_range":416,"range_type":431,"version_start":442,"version_start_type":419,"version_end":443,"version_end_type":421,"fixed_in":9},"gte1.19.0_lt1.19.3","1.19.0","1.19.3",{"version":445,"is_range":75,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.20.0",{"ecosystem":9,"name":447,"vendor":424,"product":448,"cpe_part":425,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":449},"Consul Enterprise","consul enterprise",[450],{"version":428,"is_range":416,"range_type":81,"version_start":418,"version_start_type":419,"version_end":420,"version_end_type":421,"fixed_in":9}]