CVE-2024-37904: Go Git Unbounded Memory Clone
Cloning a Git repository into an unbounded memory storage (`memory.NewStorage()`) can lead to Denial of Service (DoS) due to memory exhaustion if an attacker supplies a large repository. Ensure you use an on-disk storage model (`filesystem.NewStorage`) or implement explicit file count and size limits.
Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0
Goβ
Goβgreprules fetch cve-2024-37904-go-git-unbounded-memory-clone --engine opengrepDescription
Cloning a Git repository into an unbounded memory storage (`memory.NewStorage()`) can lead to Denial of Service (DoS) due to memory exhaustion if an attacker supplies a large repository. Ensure you use an on-disk storage model (`filesystem.NewStorage`) or implement explicit file count and size limits.
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0