logo

Database

Asymmetric denial of service In github.com/argoproj/argo-cd

Description

Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2024-324762. NVD-2024-324763. OSV-GO-2024-27924. OSV-2024-324765. GHSA-9m6p-x4h2-6frq6. GCVE-2024-324767. GHSA-9m6p-x4h2-6frq

References

1. https://github.com/argoproj/argo-cd/commit/7893979a1e78d59cedd0ba790ded24e30bb406572. https://github.com/argoproj/argo-cd/commit/9e5cc5a26ff0920a01816231d59fdb5eae032b5a3. https://github.com/argoproj/argo-cd/commit/e2df7315fb7d96652186bf7435773a27be330cac4. https://github.com/argoproj/argo-cd/security/advisories/GHSA-9m6p-x4h2-6frq

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.