{"id":"CVE-2023-0821","details":"HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.","aliases":["GHSA-w479-w22g-cffh","GO-2023-1581"],"modified":"2026-04-12T06:36:16.730608Z","published":"2023-02-16T22:15:11.097Z","references":[{"type":"ADVISORY","url":"https://discuss.hashicorp.com/t/hcsec-2023-05-nomad-client-vulnerable-to-decompression-bombs-in-artifact-block/50292"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hashicorp/nomad","events":[{"introduced":"0"},{"fixed":"6c90f7ff7973180487add89eafa3378578eb5db3"},{"introduced":"52e95d64113e01be05d585d8b4c07f6f19efebbc"},{"fixed":"bbf16ea0c6165f5584012b610301904bca4d9c27"},{"introduced":"ebaabc9e5ead691dbf1509ed8755ef1e24d4ddf7"},{"fixed":"9101389d165dbc0df914ba15e674e85fb29de160"}],"database_specific":{"cpe":["cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:*","cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"1.2.15"},{"introduced":"1.3.0"},{"fixed":"1.3.9"},{"introduced":"1.4.0"},{"fixed":"1.4.4"}]}}],"versions":["show","v0.0.0","v0.1.0","v0.1.1","v0.1.2","v0.10.0-beta1","v0.2.0","v0.2.1","v0.2.2","v0.2.3","v0.2.3-rc1","v0.3.0-rc2","v0.3.1","v0.3.2","v0.3.2-rc1","v0.3.2-rc2","v0.3rc1","v0.4.0","v0.4.0-rc1","v0.4.0-rc2","v0.4.1","v0.4.1-rc1","v0.5.0","v0.5.0-rc1","v0.5.0-rc2","v0.5.1","v0.5.1-rc1","v0.5.1-rc2","v0.5.2","v0.5.2-rc1","v0.5.3","v0.5.5","v0.5.5-rc1","v0.5.5-rc2","v0.5.6","v0.5.6-rc1","v0.6.0","v0.6.0-rc1","v0.6.0-rc2","v0.6.1","v0.6.2","v0.6.3-rc1","v0.7.0","v0.7.0-rc1","v0.7.0-rc2","v0.7.0-rc3","v0.7.1","v0.7.1+pro","v0.7.1-rc1","v0.7.1-rc1+pro","v0.8.0","v0.8.0+pro","v0.8.0-rc1","v0.8.0-rc1+pro","v0.8.2","v0.8.3","v0.8.4","v0.8.4-rc1","v0.9.0","v0.9.0-beta1","v0.9.0-beta2","v0.9.0-beta3","v0.9.0-rc1","v0.9.0-rc2","v0.9.2","v0.9.2-rc1","v0.9.3","v0.9.4","v0.9.4-rc1","v1.2.4","v1.2.5","v1.2.6","v1.2.7","v1.2.9","v1.3.0","v1.3.2","v1.3.8","v1.3.9","v1.4.3","v1.4.4"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0821.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}