CVE-2024-10846

Published Jan 23, 2025

Last updated a month ago

CVSS medium 5.9

Overview

Description
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included
Source
security@docker.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.9
Impact score
4
Exploitability score
1.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
Severity
MEDIUM

Weaknesses

security@docker.com
CWE-20

Social media

Hype score
Not currently trending

  1. CVE-2024-10846 The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amo… https://t.co/9bjYOn8py1

    @CVEnew

    23 Jan 2025

    427 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References