data/reports/GO-2025-3412.yaml - vulndb - Git at Google

 id: GO-2025-3412
 modules:
     - module: github.com/compose-spec/compose-go/v2
       versions:
         - introduced: 2.1.0
         - fixed: 2.4.1
       vulnerable_at: 2.4.0
 summary: |-
     Excessive resource consumption when unmarshalling Compose file with
     recursive loop in github.com/compose-spec/compose-go/v2
 cves:
     - CVE-2024-10846
 ghsas:
     - GHSA-36gq-35j3-p9r9
 references:
     - advisory: https://github.com/compose-spec/compose-go/security/advisories/GHSA-36gq-35j3-p9r9
     - fix: https://github.com/compose-spec/compose-go/pull/618
     - fix: https://github.com/compose-spec/compose-go/pull/703
     - fix: https://github.com/docker/compose/commit/d239f0f3187a2ed5404c61f83bd5e995c81600ff
     - web: https://github.com/docker/compose/issues/12235
 source:
     id: GHSA-36gq-35j3-p9r9
     created: 2025-01-28T17:11:18.830581-05:00
 review_status: REVIEWED
	id: GO-2025-3412
	modules:
	- module: github.com/compose-spec/compose-go/v2
	versions:
	- introduced: 2.1.0
	- fixed: 2.4.1
	vulnerable_at: 2.4.0
	summary: \|-
	Excessive resource consumption when unmarshalling Compose file with
	recursive loop in github.com/compose-spec/compose-go/v2
	cves:
	- CVE-2024-10846
	ghsas:
	- GHSA-36gq-35j3-p9r9
	references:
	- advisory: https://github.com/compose-spec/compose-go/security/advisories/GHSA-36gq-35j3-p9r9
	- fix: https://github.com/compose-spec/compose-go/pull/618
	- fix: https://github.com/compose-spec/compose-go/pull/703
	- fix: https://github.com/docker/compose/commit/d239f0f3187a2ed5404c61f83bd5e995c81600ff
	- web: https://github.com/docker/compose/issues/12235
	source:
	id: GHSA-36gq-35j3-p9r9
	created: 2025-01-28T17:11:18.830581-05:00
	review_status: REVIEWED