github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add better security warning to docs about the content-type change

pull/10023/head
Kent 'picat' Gruber 2021-04-14 16:36:40 -04:00
parent d07f57ce67
commit 493f820e9d
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
website/content/api-docs/kv.mdx
View File

@ -145,6 +145,10 @@ is instead `text/plain`.
(Yes, that is intentionally a bunch of gibberish characters to showcase the (Yes, that is intentionally a bunch of gibberish characters to showcase the
response) response)
!> **Warning:** Consul versions before 1.9.5, 1.8.10 and 1.7.14 detected the content-type
of the raw KV data which could be used for cross-site scripting (XSS) attacks. This is
identified publicly as CVE-2020-25864.
## Create/Update Key ## Create/Update Key
This endpoint updates the value of the specified key. If no key exists at the given This endpoint updates the value of the specified key. If no key exists at the given