2 matches found
CVE-2023-2253
CVE-2023-2253 concerns the /v2/_catalog endpoint in distribution/distribution, where the query parameter n controls the maximum number of records returned. The flaw allows a malicious user to supply an unreasonably large n, potentially triggering allocation of a massive string array and causing m...
GO-2023-1772 Memory exhaustion in github.com/distribution/distribution
Systems that run distribution built after a specific commit running on memory-restricted environments can suffer from denial of service by a crafted malicious /v2/_catalog API endpoint request...