{"id":"AZL-55947","summary":"CVE-2024-10846 affecting package docker-compose for versions less than 2.27.0-4","details":"The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions  v2.27.0 to v2.29.7 included","modified":"2026-04-01T05:18:46.397887Z","published":"2025-01-23T16:15:33Z","upstream":["CVE-2024-10846"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-10846"}],"affected":[{"package":{"name":"docker-compose","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/docker-compose"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.27.0-4"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-55947.json"}}],"schema_version":"1.7.5"}