  1. Red Hat OpenShift AI Engineering
  2. RHOAIENG-5307

[odh-model-controller] google.golang.org/protobuf - Infinite loop

    • Model Serving Sprint 2.9-2
    • Testable

      CVE-2024-24786

       

      Detailed paths

      • Introduced through: github.com/opendatahub-io/odh-model-controller@0.0.0 › google.golang.org/protobuf@v1.32.0

      • Introduced through: github.com/opendatahub-io/odh-model-controller@0.0.0 › cloud.google.com/go/compute@v1.23.3 › google.golang.org/protobuf@v1.32.0

      • Introduced through: github.com/opendatahub-io/odh-model-controller@0.0.0 › cloud.google.com/go/iam@v1.1.5 › google.golang.org/protobuf@v1.32.0

      …and 2089 more

      Security information

      Factors contributing to the scoring:

      • Snyk: CVSS 5.3 - Medium Severity

      • NVD: Not available. NVD has not yet published its analysis.

      Overview

      Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

      Note:

      This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

            rhn-support-fspolti Filippe Spolti