Memory exhaustion in github.com/distribution/distribution
Details
Systems that run distribution built after a specific commit running on memory-restricted environments can suffer from denial of service by a crafted malicious /v2/_catalog API endpoint request.