VYPR
Moderate severityNVD Advisory· Published Apr 26, 2024· Updated Aug 2, 2024

Denial of Service via malicious jqPathExpressions in ignoreDifferences

CVE-2024-32476

Description

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in version(s) 2.10.7, 2.9.12 and 2.8.16.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/argoproj/argo-cd/v2Go
>= 2.10.0, < 2.10.82.10.8
github.com/argoproj/argo-cd/v2Go
>= 2.9.0, < 2.9.132.9.13
github.com/argoproj/argo-cd/v2Go
< 2.8.172.8.17

Affected products

15

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.