"A vulnerability was identified in the go-getter library that Nomad and Nomad Enterprise (“Nomad”) uses for its artifacts such that a specially crafted Nomad jobspec can be used for privilege escalation onto client agent hosts. This vulnerability affects Nomad versions 0.2.0 through 1.3.0, and is fixed in the 1.1.14, 1.2.8, and 1.3.1 releases." Please bump to 1.2.8.
This has been fixed in the tree. Thanks, William