Directory Security Advisories

Security Advisories

CVE-2024-24786

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-24786

CGA ID

CGA-83ch-3676-2447

Severity

7.5

High

CVSS V3

Description

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

References

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

© 2024 Chainguard. All Rights Reserved.

Chainguard Images

Container Image Security Vulnerability Remediation Compliance and Risk Mitigation Software Supply Chain Security AI/ML Security

Customer Stories Chainguard Love

About Us Pricing Open Source Careers Newsroom Legal

Unchained Blog Events Trust Center Documentation