CVE-2024-10846
MEDIUM 5.9
Description
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause compose-go to consume an excessive amount of memory and CPU cycles while parsing YAML, such as when used by Docker Compose from versions v2.27.0 to v2.29.7 inclusive.
CVE Details
CVSS v3.1 Score: 5.9
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
Attack Vector: LOCAL
Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Published: 1/23/2025
Last Modified: 4/25/2025
Source: nvd
Honeypot Observations: 0
Weaknesses (CWE)
CWE-20
References
https://github.com/compose-spec/compose-go/security/advisories/GHSA-36gq-35j3-p9r9 (security@docker.com)
https://security.netapp.com/advisory/ntap-20250425-0008/ (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.