GHSA-42mr-jpwh-m9rv

Suggest an improvement
Source
https://github.com/advisories/GHSA-42mr-jpwh-m9rv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-42mr-jpwh-m9rv/GHSA-42mr-jpwh-m9rv.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-42mr-jpwh-m9rv
Aliases
Published
2025-05-05T18:32:53Z
Modified
2025-05-20T20:26:16Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H CVSS Calculator
Summary
Linkerd resource exhaustion vulnerability
Details

In Linkerd edge releases before edge-25.2.1, and Buoyant Enterprise for Linkerd releases 2.13.0–2.13.7, 2.14.0–2.14.10, 2.15.0–2.15.7, 2.16.0–2.16.4, and 2.17.0–2.17.1, resource exhaustion can occur for Linkerd proxy metrics.

Database specific 
{
    "severity": "MODERATE",
    "github_reviewed_at": "2025-05-06T00:38:55Z",
    "cwe_ids": [
        "CWE-400"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2025-05-05T17:18:49Z"
}
References

Affected packages

Go / github.com/linkerd/linkerd2

Package

Name
github.com/linkerd/linkerd2
View open source insights on deps.dev
Purl
pkg:golang/github.com/linkerd/linkerd2

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.0.0-20250212165942-faa3f617eef5