
We found results for “”
CVE-2024-10846
Good to know:

Date: January 23, 2025
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included
Severity Score
Related Resources (11)
Severity Score
Top Fix

CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |