x/vulndb: potential Go vuln in github.com/hashicorp/nomad/client/allocrunner/taskrunner/template: GHSA-77cr-6gr8-7rr9

[GoVulnBot]

In GitHub Security Advisory GHSA-77cr-6gr8-7rr9, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/hashicorp/nomad/client/allocrunner/taskrunner/template	0.12.6	>= 0.12.0, < 0.12.6

Cross references:

• CVE-2020-27195 appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad/client/allocrunner/taskrunner/template: GHSA-77cr-6gr8-7rr9 #806 NOT_IMPORTABLE
• GHSA-77cr-6gr8-7rr9 appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad/client/allocrunner/taskrunner/template: GHSA-77cr-6gr8-7rr9 #806 NOT_IMPORTABLE

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: TODO
    versions:
      - introduced: 0.12.0
        fixed: 0.12.6
    packages:
      - package: github.com/hashicorp/nomad/client/allocrunner/taskrunner/template
  - module: TODO
    versions:
      - introduced: 0.11.0
        fixed: 0.11.5
    packages:
      - package: github.com/hashicorp/nomad/client/allocrunner/taskrunner/template
  - module: TODO
    versions:
      - introduced: 0.9.0
        fixed: 0.10.6
    packages:
      - package: github.com/hashicorp/nomad/client/allocrunner/taskrunner/template
description: HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client
    file sandbox feature can be subverted using either the template or artifact stanzas.
    Fixed in 0.12.6, 0.11.5, and 0.10.6
cves:
  - CVE-2020-27195
ghsas:
  - GHSA-77cr-6gr8-7rr9

[tatianab]

Duplicate of #806