[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-10086":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":49,"downstream":50,"duplicates":61,"related":62,"reserved_at":9,"published_at":72,"modified_at":73,"state":74,"summary":75,"references_raw":84,"kevs":120,"epss":121,"epss_history":124,"metrics":390,"affected":403},"CVE-2024-10086","A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[46,47,48],"GHSA-99wr-c2px-grmh","BIT-consul-2024-10086","GO-2024-3242",[],[51,53,55,57,59],{"_key":52},"UBUNTU-CVE-2024-10086",{"_key":54},"OPENSUSE-SU-2024:0350-1",{"_key":56},"SUSE-SU-2024:3950-1",{"_key":58},"OPENSUSE-SU-2024:14458-1",{"_key":60},"DEBIAN-CVE-2024-10086",[],[63,64,65,66,68,70],{"_key":54},{"_key":56},{"_key":58},{"_key":67},"CGA-2Q84-Q327-4698",{"_key":69},"CGA-VV29-FCXC-JV6G",{"_key":71},"CGA-X477-PXVM-W783","2024-10-30T21:21:46.559Z","2025-01-10T13:06:42.658Z","Modified",{"cisa_kev":76,"cisa_ransomware":76,"cisa_vendor":9,"epss_severity":77,"epss_score":78,"severity":79,"severity_score":80,"severity_version":81,"severity_source":82,"severity_vector":83,"severity_status":74},false,"low",0.01462,"medium",6.1,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[85,93,97,102,107,111,116],{"url":86,"sources":87,"tags":90},"https://discuss.hashicorp.com/t/hcsec-2024-24-consul-vulnerable-to-reflected-xss-on-content-type-error-manipulation",[82,88,89],"nvd","osv_go",[91,92],"Vendor Advisory","WEB",{"url":94,"sources":95,"tags":96},"https://security.netapp.com/advisory/ntap-20250110-0006/",[82,88],[],{"url":98,"sources":99,"tags":100},"https://nvd.nist.gov/vuln/detail/CVE-2024-10086",[89],[101],"Advisory",{"url":103,"sources":104,"tags":105},"https://github.com/hashicorp/consul/commit/07fae7bb0be8593cc98c38b1ef4a49ed9188932f",[89],[92,106],"FIX",{"url":108,"sources":109,"tags":110},"https://github.com/advisories/GHSA-99wr-c2px-grmh",[89],[101],{"url":112,"sources":113,"tags":114},"https://github.com/hashicorp/consul",[89],[115],"PACKAGE",{"url":117,"sources":118,"tags":119},"https://security.netapp.com/advisory/ntap-20250110-0006",[89],[92],[],{"date":122,"score":78,"percentile":123},"2026-06-04",0.81204,[125,129,132,135,138,141,144,147,150,153,156,158,161,163,166,170,173,176,178,181,184,187,190,193,195,198,201,204,207,210,213,216,219,222,225,229,232,235,238,241,244,247,250,253,256,260,263,266,268,271,273,276,279,282,286,289,292,295,298,301,304,306,309,311,314,317,320,323,325,328,331,334,337,340,343,346,349,352,355,358,361,364,367,370,373,376,379,382,384,387],{"date":126,"score":127,"percentile":128},"2025-11-04",0.00349,0.56756,{"date":130,"score":127,"percentile":131},"2025-11-05",0.56733,{"date":133,"score":127,"percentile":134},"2025-11-06",0.56735,{"date":136,"score":127,"percentile":137},"2025-11-07",0.56749,{"date":139,"score":127,"percentile":140},"2025-11-08",0.56753,{"date":142,"score":127,"percentile":143},"2025-11-09",0.56741,{"date":145,"score":127,"percentile":146},"2025-11-10",0.56716,{"date":148,"score":127,"percentile":149},"2025-11-11",0.56729,{"date":151,"score":127,"percentile":152},"2025-11-12",0.56754,{"date":154,"score":127,"percentile":155},"2025-11-13",0.56759,{"date":157,"score":127,"percentile":155},"2025-11-14",{"date":159,"score":127,"percentile":160},"2025-11-15",0.5675,{"date":162,"score":127,"percentile":134},"2025-11-16",{"date":164,"score":127,"percentile":165},"2025-11-17",0.56728,{"date":167,"score":168,"percentile":169},"2025-11-18",0.00789,0.71754,{"date":171,"score":168,"percentile":172},"2025-11-19",0.71761,{"date":174,"score":168,"percentile":175},"2025-11-20",0.71768,{"date":177,"score":127,"percentile":143},"2025-11-21",{"date":179,"score":127,"percentile":180},"2025-11-22",0.56737,{"date":182,"score":127,"percentile":183},"2025-11-23",0.56711,{"date":185,"score":127,"percentile":186},"2025-11-24",0.56705,{"date":188,"score":127,"percentile":189},"2025-11-25",0.56709,{"date":191,"score":127,"percentile":192},"2025-11-26",0.56713,{"date":194,"score":127,"percentile":192},"2025-11-27",{"date":196,"score":127,"percentile":197},"2025-11-28",0.56689,{"date":199,"score":127,"percentile":200},"2025-11-29",0.56676,{"date":202,"score":127,"percentile":203},"2025-11-30",0.56669,{"date":205,"score":127,"percentile":206},"2025-12-01",0.56823,{"date":208,"score":127,"percentile":209},"2025-12-02",0.56839,{"date":211,"score":127,"percentile":212},"2025-12-03",0.56835,{"date":214,"score":127,"percentile":215},"2025-12-04",0.5667,{"date":217,"score":127,"percentile":218},"2025-12-05",0.56686,{"date":220,"score":127,"percentile":221},"2025-12-06",0.56687,{"date":223,"score":127,"percentile":224},"2025-12-07",0.56685,{"date":226,"score":227,"percentile":228},"2025-12-08",0.00699,0.71191,{"date":230,"score":227,"percentile":231},"2025-12-09",0.71222,{"date":233,"score":227,"percentile":234},"2025-12-10",0.71257,{"date":236,"score":227,"percentile":237},"2025-12-11",0.7128,{"date":239,"score":227,"percentile":240},"2025-12-12",0.71304,{"date":242,"score":227,"percentile":243},"2025-12-13",0.71309,{"date":245,"score":227,"percentile":246},"2025-12-14",0.7131,{"date":248,"score":227,"percentile":249},"2025-12-15",0.71306,{"date":251,"score":227,"percentile":252},"2025-12-16",0.71316,{"date":254,"score":227,"percentile":255},"2025-12-17",0.71333,{"date":257,"score":258,"percentile":259},"2025-12-18",0.01081,0.77317,{"date":261,"score":258,"percentile":262},"2025-12-19",0.77329,{"date":264,"score":258,"percentile":265},"2025-12-20",0.77322,{"date":267,"score":258,"percentile":259},"2025-12-21",{"date":269,"score":258,"percentile":270},"2025-12-22",0.77315,{"date":272,"score":258,"percentile":259},"2025-12-23",{"date":274,"score":258,"percentile":275},"2025-12-24",0.77328,{"date":277,"score":258,"percentile":278},"2025-12-25",0.77345,{"date":280,"score":258,"percentile":281},"2025-12-26",0.7734,{"date":283,"score":284,"percentile":285},"2025-12-27",0.01013,0.76661,{"date":287,"score":258,"percentile":288},"2025-12-28",0.77326,{"date":290,"score":258,"percentile":291},"2025-12-29",0.77323,{"date":293,"score":258,"percentile":294},"2025-12-30",0.7733,{"date":296,"score":258,"percentile":297},"2025-12-31",0.77346,{"date":299,"score":258,"percentile":300},"2026-01-01",0.77469,{"date":302,"score":258,"percentile":303},"2026-01-02",0.7747,{"date":305,"score":258,"percentile":300},"2026-01-03",{"date":307,"score":258,"percentile":308},"2026-01-04",0.77352,{"date":310,"score":258,"percentile":278},"2026-01-05",{"date":312,"score":258,"percentile":313},"2026-01-06",0.77354,{"date":315,"score":258,"percentile":316},"2026-01-07",0.77362,{"date":318,"score":258,"percentile":319},"2026-01-08",0.77371,{"date":321,"score":258,"percentile":322},"2026-01-09",0.77376,{"date":324,"score":258,"percentile":322},"2026-01-10",{"date":326,"score":258,"percentile":327},"2026-01-11",0.77369,{"date":329,"score":258,"percentile":330},"2026-01-12",0.77357,{"date":332,"score":258,"percentile":333},"2026-01-13",0.77356,{"date":335,"score":258,"percentile":336},"2026-01-14",0.77379,{"date":338,"score":258,"percentile":339},"2026-01-15",0.77383,{"date":341,"score":227,"percentile":342},"2026-01-16",0.71475,{"date":344,"score":227,"percentile":345},"2026-01-17",0.71471,{"date":347,"score":227,"percentile":348},"2026-01-18",0.71447,{"date":350,"score":227,"percentile":351},"2026-01-19",0.71442,{"date":353,"score":227,"percentile":354},"2026-01-20",0.7145,{"date":356,"score":227,"percentile":357},"2026-01-21",0.71455,{"date":359,"score":227,"percentile":360},"2026-01-22",0.71466,{"date":362,"score":227,"percentile":363},"2026-01-23",0.71496,{"date":365,"score":227,"percentile":366},"2026-01-24",0.715,{"date":368,"score":227,"percentile":369},"2026-01-25",0.71479,{"date":371,"score":227,"percentile":372},"2026-01-26",0.71476,{"date":374,"score":227,"percentile":375},"2026-01-27",0.71478,{"date":377,"score":227,"percentile":378},"2026-01-28",0.71495,{"date":380,"score":227,"percentile":381},"2026-01-29",0.71494,{"date":383,"score":227,"percentile":366},"2026-01-30",{"date":385,"score":227,"percentile":386},"2026-01-31",0.71502,{"date":388,"score":227,"percentile":389},"2026-02-01",0.71628,[391,396,398],{"source":82,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":392,"cvss_v4_0":9},{"baseScore":80,"baseSeverity":393,"vectorString":83,"impactScore":394,"exploitabilityScore":395},"MEDIUM",4.5,7.2,{"source":88,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":397,"cvss_v4_0":9},{"baseScore":80,"baseSeverity":393,"vectorString":83,"impactScore":394,"exploitabilityScore":395},{"source":89,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":399,"cvss_v4_0":400},{"baseScore":80,"baseSeverity":9,"vectorString":83,"impactScore":394,"exploitabilityScore":395},{"baseScore":401,"baseSeverity":9,"vectorString":402,"impactScore":9,"exploitabilityScore":9},5.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",[404,419,438],{"ecosystem":405,"name":406,"vendor":407,"product":408,"cpe_part":9,"purl_type":409,"purl_namespace":407,"purl_name":408,"source":9,"versions":410},"Go","github.com/hashicorp/consul","github.com/hashicorp","consul","golang",[411],{"version":412,"is_range":413,"range_type":414,"version_start":415,"version_start_type":416,"version_end":417,"version_end_type":418,"fixed_in":9},"gte1_4_1_lt1_20_0",true,"semver","1.4.1","including","1.20.0","excluding",{"ecosystem":9,"name":420,"vendor":421,"product":408,"cpe_part":422,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":423},"Consul","hashicorp","a",[424,428,430,434],{"version":425,"is_range":413,"range_type":426,"version_start":415,"version_start_type":416,"version_end":427,"version_end_type":418,"fixed_in":9},"gte1.4.1_lt1.15.15","cpe","1.15.15",{"version":429,"is_range":413,"range_type":426,"version_start":415,"version_start_type":416,"version_end":417,"version_end_type":418,"fixed_in":9},"gte1.4.1_lt1.20.0",{"version":431,"is_range":413,"range_type":426,"version_start":432,"version_start_type":416,"version_end":433,"version_end_type":418,"fixed_in":9},"gte1.18.0_lt1.18.5","1.18.0","1.18.5",{"version":435,"is_range":413,"range_type":426,"version_start":436,"version_start_type":416,"version_end":437,"version_end_type":418,"fixed_in":9},"gte1.19.0_lt1.19.3","1.19.0","1.19.3",{"ecosystem":9,"name":439,"vendor":421,"product":440,"cpe_part":422,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":441},"Consul Enterprise","consul enterprise",[442],{"version":443,"is_range":413,"range_type":82,"version_start":415,"version_start_type":416,"version_end":417,"version_end_type":418,"fixed_in":9},">= 1.4.1, \u003C 1.20.0"]