Vulnerability Report: GO-2023-1772
- CVE-2023-2253, GHSA-hqxw-f8mx-cpmw
- Affects: github.com/distribution/distribution
- Published: May 24, 2023
- Modified: Jun 12, 2023
Systems that run distribution built after a specific commit running on memory-restricted environments can suffer from denial of service by a crafted malicious /v2/_catalog API endpoint request.
For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-hqxw-f8mx-cpmw.
Affected Packages
-
PathVersionsSymbols
-
before v2.8.2-beta.1+incompatibleall symbols
Aliases
References
- https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc
- https://github.com/advisories/GHSA-hqxw-f8mx-cpmw
- https://vuln.go.dev/ID/GO-2023-1772.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.