Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-32476

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in version(s) 2.10.7, 2.9.12 and 2.8.16.

Published

2024-05-14T15:36:25.953

Last Modified

2025-01-09T16:59:02.680

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-400
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	argoproj	argo_cd	< 2.8.17	Yes
Application	argoproj	argo_cd	< 2.9.13	Yes
Application	argoproj	argo_cd	< 2.10.8	Yes

References

https://github.com/argoproj/argo-cd/commit/7893979a1e78d59cedd0ba790ded24e30bb40657 Patch ([email protected])
https://github.com/argoproj/argo-cd/commit/9e5cc5a26ff0920a01816231d59fdb5eae032b5a Patch ([email protected])
https://github.com/argoproj/argo-cd/commit/e2df7315fb7d96652186bf7435773a27be330cac Patch ([email protected])
https://github.com/argoproj/argo-cd/security/advisories/GHSA-9m6p-x4h2-6frq Vendor Advisory ([email protected])
https://github.com/argoproj/argo-cd/commit/7893979a1e78d59cedd0ba790ded24e30bb40657 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/argoproj/argo-cd/commit/9e5cc5a26ff0920a01816231d59fdb5eae032b5a Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/argoproj/argo-cd/commit/e2df7315fb7d96652186bf7435773a27be330cac Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/argoproj/argo-cd/security/advisories/GHSA-9m6p-x4h2-6frq Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)