6.5

CVE-2024-32476

Denial of Service via malicious jqPathExpressions in ignoreDifferences

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in version(s) 2.10.7, 2.9.12 and 2.8.16.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ArgoprojArgo Cd Version >= 2.1.0 < 2.8.17
ArgoprojArgo Cd Version >= 2.9.0 < 2.9.13
ArgoprojArgo Cd Version >= 2.10.0 < 2.10.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.01% 0.584
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://github.com/argoproj/argo-cd/commit/7893979a1e78d59cedd0ba790ded24e30bb40657
Patch
https://github.com/argoproj/argo-cd/commit/9e5cc5a26ff0920a01816231d59fdb5eae032b5a
Patch
https://github.com/argoproj/argo-cd/commit/e2df7315fb7d96652186bf7435773a27be330cac
Patch
https://github.com/argoproj/argo-cd/security/advisories/GHSA-9m6p-x4h2-6frq
Vendor Advisory