Command and Control
A flaw was found in the
/v2/_catalog endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string:
n). This vulnerability allows a malicious user to submit an unreasonably large value for
n, causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.