On Thursday, July 29 2021, Athos Ribeiro wrote:
Finally, I did check that prometheus, telegraph, prometheus-alertmanager
and cortex should be the candidates to be afected here. So far,
prometheus and telegraph only use github.com/hashicorp/consul/api and
should not be afected.
FWIW, I filed the following bug against telegraf:
https://github.com/influxdata/telegraf/issues/9559
I also reported the CVE to the prometheus developers (they ask that
security issues be reported in private, so I don't have a bug number).
Athos will look into notifying the cortex and prometheus-alertmanager
developers tomorrow.