Moderate severity · NVD Advisory · Published Apr 26, 2024 · Updated Aug 2, 2024
Denial of Service via malicious jqPathExpressions in ignoreDifferences
CVE-2024-32476
Description
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A Denial of Service (DoS) vulnerability allows memory exhaustion (OOM) through jq in ignoreDifferences. This vulnerability has been patched in versions 2.10.7, 2.9.12 and 2.8.16.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| github.com/argoproj/argo-cd/v2 | Go | >= 2.10.0, < 2.10.8 | 2.10.8 |
| github.com/argoproj/argo-cd/v2 | Go | >= 2.9.0, < 2.9.13 | 2.9.13 |
| github.com/argoproj/argo-cd/v2 | Go | < 2.8.17 | 2.8.17 |
Affected products (15)
- osv-coords, 14 versions (< 2.10.8-r0 + 13 more):
  - pkg:apk/chainguard/argo-cd-2.10
  - pkg:apk/chainguard/argo-cd-2.10-compat
  - pkg:apk/chainguard/argo-cd-2.10-repo-server
  - pkg:apk/chainguard/argo-cd-fips-2.8
  - pkg:apk/chainguard/argo-cd-fips-2.8-compat
  - pkg:apk/chainguard/argo-cd-fips-2.8-repo-server
  - pkg:apk/chainguard/argo-cd-fips-2.9
  - pkg:apk/chainguard/argo-cd-fips-2.9-compat
  - pkg:apk/chainguard/argo-cd-fips-2.9-repo-server
  - pkg:apk/wolfi/argo-cd-2.10
  - pkg:apk/wolfi/argo-cd-2.10-compat
  - pkg:apk/wolfi/argo-cd-2.10-repo-server
  - pkg:bitnami/argo-cd
  - pkg:golang/github.com/argoproj/argo-cd/v2
- (no CPE) range: < 2.10.8-r0
- (no CPE) range: < 2.10.8-r0
- (no CPE) range: < 2.10.8-r0
- (no CPE) range: < 2.8.17-r0
- (no CPE) range: < 2.8.17-r0
- (no CPE) range: < 2.8.17-r0
- (no CPE) range: < 2.9.13-r0
- (no CPE) range: < 2.9.13-r0
- (no CPE) range: < 2.9.13-r0
- (no CPE) range: < 2.10.8-r0
- (no CPE) range: < 2.10.8-r0
- (no CPE) range: < 2.10.8-r0
- (no CPE) range: < 2.10.8
- (no CPE) range: >= 2.10.0, < 2.10.8
References (6)
- github.com/advisories/GHSA-9m6p-x4h2-6frq (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-32476 (ghsa, ADVISORY)
- github.com/argoproj/argo-cd/commit/7893979a1e78d59cedd0ba790ded24e30bb40657 (ghsa, x_refsource_MISC, WEB)
- github.com/argoproj/argo-cd/commit/9e5cc5a26ff0920a01816231d59fdb5eae032b5a (ghsa, x_refsource_MISC, WEB)
- github.com/argoproj/argo-cd/commit/e2df7315fb7d96652186bf7435773a27be330cac (ghsa, x_refsource_MISC, WEB)
- github.com/argoproj/argo-cd/security/advisories/GHSA-9m6p-x4h2-6frq (ghsa, x_refsource_CONFIRM, WEB)