/
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-qc2h-qqvx-x87c

Published

Last updated

https://images.chainguard.dev/security/CGA-qc2h-qqvx-x87c
Package

checkov

RepositoryWolfi
Latest Update
Fixed
Fixed Version

3.0.34-r1

Aliases
  • CVE-2024-5569
  • GHSA-jfmj-5v4g-7637

Severity

Unknown

Summary

zipp Denial of Service vulnerability

Description

A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the Path module in both zipp and zipfile, such as joinpath, the overloaded division operator, and iterdir. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs