GO-2025-3412
PUBLISHED
CVSS 9.3 CRITICAL
Excessive resource consumption when unmarshalling Compose file with recursive loop in github.com/compose-spec/compose-go/v2
Risk Scores
CVSS v4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | compose-spec/compose-go/v2 | 2.1.0, 2.1.0 |
Timeline
- Jan 29, 2025 CVE Published
- Mar 3, 2026 CVE Updated
References
- https://github.com/compose-spec/compose-go/security/advisories/GHSA-36gq-35j3-p9r9 advisory
- https://github.com/compose-spec/compose-go/pull/618 patch
- https://github.com/compose-spec/compose-go/pull/703 patch
- https://github.com/docker/compose/commit/d239f0f3187a2ed5404c61f83bd5e995c81600ff patch
- https://github.com/docker/compose/issues/12235 url