CVE-2024-32476
published 2024-05-14

Priority P431 | medium | 6.5 | CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.00% (58.6th percentile)

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in version(s) 2.10.7, 2.9.12 and 2.8.16.

Affected

9 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| argoproj | argo-cd | < 2.8.17 | 2.8.17 |
| argoproj | argo-cd | | |
| argoproj | argo-cd | | |
| argoproj | argo_cd | >= 2.1.0 < 2.8.17 | 2.8.17 |
| argoproj | argo_cd | >= 2.10.0 < 2.10.8 | 2.10.8 |
| argoproj | argo_cd | >= 2.9.0 < 2.9.13 | 2.9.13 |
| github.com | argoproj_argo-cd_v2 | >= 0 < 2.8.17 | 2.8.17 |
| github.com | argoproj_argo-cd_v2 | >= 2.10.0 < 2.10.8 | 2.10.8 |
| github.com | argoproj_argo-cd_v2 | >= 2.9.0 < 2.9.13 | 2.9.13 |