CVE-2024-10846
CVSS V2 None
CVSS V3 None
Description
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included
Overview
- CVE ID
- CVE-2024-10846
- Assigner
- Docker
- Vulnerability Status
- PUBLISHED
- Published Version
- 2025-01-23T15:22:56.170Z
- Last Modified Date
- 2025-01-23T15:22:56.170Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/compose-spec/compose-go/security/advisories/GHSA-36gq-35j3-p9r9 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-10846 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10846 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2025-01-24 13:05:06 | Added to TrackCVE |