2 matches found
Uncontrolled Resource Consumption
github.com/aquasecurity/trivy is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to the custom tar unpacker reading Helm chart archive .tgz entries using io.ReadAll without enforcing a size limit, which allows an attacker to supply a malicious compressed archive that...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the parser process. An attacker can cause excessive memory consumption by submitting a specially crafted Helm chart archive that decompresses to a very large size. Remediation...