CVE-2024-32476

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-32476

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-32476.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-32476

Aliases

Related

Published

2024-04-26T15:24:13.245Z

Modified

2025-11-30T18:53:14.539580Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Denial of Service via malicious jqPathExpressions in ignoreDifferences

Details

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in version(s) 2.10.7, 2.9.12 and 2.8.16.

Database specific

{
    "cwe_ids": [
        "CWE-400"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32476.json"
}

References

Affected packages

Git / github.com/argoproj/argo-cd

Affected ranges

Type

GIT

Repo

https://github.com/argoproj/argo-cd

Events

Introduced

2175939ed6156ddd743e60f427f7f48118c971bf

Fixed

37b1cf5306f9c245f188c4c0566c23a0f80cdc65

Database specific

{
    "versions": [
        {
            "introduced": "2.10.0"
        },
        {
            "fixed": "2.10.8"
        }
    ]
}

Type

GIT

Repo

https://github.com/argoproj/argo-cd

Events

Introduced

9cf0c69bbe70393db40e5755e34715f30179ee09

Fixed

98203002baea3cfc2776f17088232070cea1515c

Database specific

{
    "versions": [
        {
            "introduced": "2.9.0"
        },
        {
            "fixed": "2.9.13"
        }
    ]
}

Type

GIT

Repo

https://github.com/argoproj/argo-cd

Events

Introduced

Fixed

f2ae45b10a7d0642e1cb0d2f003dad4157136339

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.8.17"
        }
    ]
}

Affected versions

v0.*

v0.1.0

v0.2.0

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.4.0

v0.4.0-alpha1

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.4.5

v0.5.0

v0.5.1

v0.5.2

v0.6.0

v0.6.1

v0.7.0

v0.7.1

v0.8.0

v2.*

v2.10.0

v2.10.1

v2.10.2

v2.10.3

v2.10.4

v2.10.5

v2.10.6

v2.10.7

v2.8.0

v2.8.0-rc1

v2.8.0-rc2

v2.8.0-rc3

v2.8.0-rc4

v2.8.0-rc5

v2.8.0-rc6

v2.8.0-rc7

v2.8.1

v2.8.10

v2.8.11

v2.8.12

v2.8.13

v2.8.14

v2.8.15

v2.8.16

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.8.6

v2.8.7

v2.8.8

v2.8.9

v2.9.0

v2.9.1

v2.9.11

v2.9.12

v2.9.2

v2.9.3

v2.9.4

v2.9.5

v2.9.6

v2.9.7

v2.9.8

v2.9.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-32476.json"