github.com/docker/distribution is vulnerable to unbounded memory allocation attacks. The vulnerability exists through the use of StorageDriver.GetContent
which allows an attacker to cause an application crash.
lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html
access.redhat.com/errata/RHSA-2017:2603
github.com/docker/distribution/commit/29fa466debaabb64f8559116bbffd20a289d523c
github.com/docker/distribution/pull/2340
github.com/docker/distribution/pull/2341
github.com/docker/distribution/releases/tag/v2.6.2