argocd-cli-2.12.4-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14374-1 Final 1 1 2024-09-29T00:00:00Z current 2024-09-29T00:00:00Z 2024-09-29T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z argocd-cli-2.12.4-1.1 on GA media These are all security issues fixed in the argocd-cli-2.12.4-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14374 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7JSRC6ZWZIIPAM4FJIJWA4SBNCA3WNNU/ E-Mail link for openSUSE-SU-2024:14374-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-45296/ SUSE CVE CVE-2024-45296 page openSUSE Tumbleweed argocd-cli-2.12.4-1.1 argocd-cli-bash-completion-2.12.4-1.1 argocd-cli-zsh-completion-2.12.4-1.1 argocd-cli-2.12.4-1.1 as a component of openSUSE Tumbleweed argocd-cli-bash-completion-2.12.4-1.1 as a component of openSUSE Tumbleweed argocd-cli-zsh-completion-2.12.4-1.1 as a component of openSUSE Tumbleweed path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0. CVE-2024-45296 openSUSE Tumbleweed:argocd-cli-2.12.4-1.1 openSUSE Tumbleweed:argocd-cli-bash-completion-2.12.4-1.1 openSUSE Tumbleweed:argocd-cli-zsh-completion-2.12.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7JSRC6ZWZIIPAM4FJIJWA4SBNCA3WNNU/ https://www.suse.com/security/cve/CVE-2024-45296.html CVE-2024-45296