CVE-2024-10846
MEDIUM 5.9
Description
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause compose-go to consume an excessive amount of memory and CPU cycles while parsing YAML. This affects consumers of the library such as Docker Compose, from versions v2.27.0 to v2.29.7 inclusive.
CVE Details
CVSS v3.1 Score: 5.9
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
Attack Vector: LOCAL
Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Published: 1/23/2025
Last Modified: 4/25/2025
Source: nvd
Honeypot Sightings: 0
Weaknesses (CWE)
CWE-20
References
https://github.com/compose-spec/compose-go/security/advisories/GHSA-36gq-35j3-p9r9 (security@docker.com)
https://security.netapp.com/advisory/ntap-20250425-0008/ (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.