Systems that run distribution built after a specific commit running on memory-restricted environments can suffer from denial of service by a crafted malicious /v2/_catalog API endpoint request.
github.com/distribution/distribution
{ "imports": [ { "path": "github.com/distribution/distribution/registry/handlers", "symbols": [ "catalogHandler.GetCatalog" ] } ] }