CVE-2024-10846: Compose Go Inefficient Yaml Path Merge Reconstruction
greprules fetch cve-2024-10846-compose-go-inefficient-yaml-path-merge-reconstruction --engine opengrep

Description
Inefficient string filtering logic detected. Iteratively splitting and joining strings to remove a specific path component (like YAML merge keys '<<') generates O(N^2) time complexity and massive memory allocation during tree traversal, leading to Denial-of-Service (DoS) and Out-Of-Memory (OOM) crashes via deeply nested user-controlled payloads. Use a simple
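
The pattern this rule describes, next to a single-pass alternative, as an added example (not compose-go's own code and not the fix the project shipped). It assumes dot-separated path strings; the function names and the `work` counter are hypothetical and exist only to make the cost visible.

```go
package main

import (
	"fmt"
	"strings"
)

const mergeKey = "<<" // YAML merge key to drop from paths

// stripSlow mirrors the flagged pattern: at every traversal depth the whole
// path is split, filtered and re-joined. work counts segments re-scanned.
func stripSlow(segments []string) (string, int) {
	path, work := "", 0
	for _, s := range segments {
		if path != "" {
			path += "."
		}
		path += s
		parts := strings.Split(path, ".") // allocates a slice per level
		work += len(parts)
		kept := parts[:0]
		for _, p := range parts {
			if p != mergeKey {
				kept = append(kept, p)
			}
		}
		path = strings.Join(kept, ".") // allocates a new string per level
	}
	return path, work
}

// stripLinear visits each segment once and never rebuilds the prefix.
func stripLinear(segments []string) (string, int) {
	var b strings.Builder
	work := 0
	for _, s := range segments {
		work++
		if s == mergeKey {
			continue
		}
		if b.Len() > 0 {
			b.WriteByte('.')
		}
		b.WriteString(s)
	}
	return b.String(), work
}

// nested builds a constructed path of depth n: k0, <<, k2, <<, ...
func nested(n int) []string {
	out := make([]string, n)
	for i := range out {
		if out[i] = mergeKey; i%2 == 0 {
			out[i] = fmt.Sprintf("k%d", i)
		}
	}
	return out
}

func main() {
	for _, n := range []int{1000, 2000, 4000} {
		_, slow := stripSlow(nested(n))
		_, lin := stripLinear(nested(n))
		fmt.Printf("depth=%d slow=%d linear=%d\n", n, slow, lin)
	}
}
```

Doubling the nesting depth roughly quadruples the work done by the split/join version, while the single-pass version only doubles.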