Impact
DoS vuln via OOM using jq in ignoreDifferences.
ignoreDifferences:
- group: apps
kind: Deployment
jqPathExpressions:
- 'until(true == false; [.] + [1])'
Patches
A patch for this vulnerability has been released in the following Argo CD versions:
v2.10.8
v2.9.13
v2.8.17
For more information
If you have any questions or comments about this advisory:
Open an issue in the Argo CD issue tracker or discussions
Join us on Slack in channel #argo-cd
Credits
This vulnerability was found & reported by @crenshaw-dev (Michael Crenshaw)
The Argo team would like to thank these contributors for their responsible disclosure and constructive communications during the resolve of this issue
crenshaw-dev Reporter
pasha-codefresh Remediation developer
todaywasawesome Coordinator
Impact
DoS vuln via OOM using jq in ignoreDifferences.
Patches
A patch for this vulnerability has been released in the following Argo CD versions:
v2.10.8
v2.9.13
v2.8.17
For more information
If you have any questions or comments about this advisory:
Open an issue in the Argo CD issue tracker or discussions
Join us on Slack in channel #argo-cd
Credits
This vulnerability was found & reported by @crenshaw-dev (Michael Crenshaw)
The Argo team would like to thank these contributors for their responsible disclosure and constructive communications during the resolve of this issue