Task
Resolution: Unresolved
Minor
Model Serving Sprint 2.9-2
Testable
Detailed paths
Introduced through: github.com/opendatahub-io/odh-model-controller@0.0.0 › google.golang.org/protobuf@v1.32.0
Introduced through: github.com/opendatahub-io/odh-model-controller@0.0.0 › cloud.google.com/go/compute@v1.23.3 › google.golang.org/protobuf@v1.32.0
Introduced through: github.com/opendatahub-io/odh-model-controller@0.0.0 › cloud.google.com/go/iam@v1.1.5 › google.golang.org/protobuf@v1.32.0
…and 2089 more
Security information
Factors contributing to the scoring:
- Snyk: CVSS 5.3 - Medium Severity
- NVD: Not available. NVD has not yet published its analysis.
Overview
Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.
Note:
This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.