Docker · Docker Compose · CVE-2024-10846
**Name of the Vulnerable Software and Affected Versions**
compose-go versions v2.10 through v2.4.0
Docker Compose versions v2.27.0 through v2.29.7
**Description**
The issue allows an authorized user who sends malicious YAML payloads to cause excessive memory and CPU cycle consumption while parsing YAML. This affects the compose-go library, which is used by Docker Compose.
**Recommendations**
For compose-go versions v2.10 through v2.4.0, update to version v2.24.1 to fix the issue.
For Docker Compose versions v2.27.0 through v2.29.7, consider updating the underlying compose-go library to version v2.24.1 as a mitigation measure.
As a temporary workaround, consider restricting the use of YAML payloads to trusted sources until the issue is resolved.
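The following version check for the Docker Compose range listed above is an added example, not part of the advisory or of Docker's tooling. It covers only the Docker Compose range (v2.27.0 through v2.29.7), its function names are hypothetical, and it reads the installed version with `docker compose version --short`.

```shell
#!/bin/sh
# Added example: is a Docker Compose version inside the advisory's affected range?
# Range endpoints come from the advisory; function names are hypothetical.
AFFECTED_MIN="2.27.0"
AFFECTED_MAX="2.29.7"

# Strip a leading "v" and any pre-release/build suffix such as "-desktop.1".
normalize() {
    v=${1#v}
    printf '%s\n' "${v%%[-+]*}"
}

# ver_cmp A B prints -1, 0 or 1, comparing major.minor.patch numerically.
ver_cmp() {
    a=$(normalize "$1"); b=$(normalize "$2")
    old_ifs=$IFS; IFS=.
    set -- $a; a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
    set -- $b; b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
    IFS=$old_ifs
    for pair in "$a1:$b1" "$a2:$b2" "$a3:$b3"; do
        x=${pair%%:*}; y=${pair##*:}
        if [ "$x" -lt "$y" ]; then echo -1; return 0; fi
        if [ "$x" -gt "$y" ]; then echo 1; return 0; fi
    done
    echo 0
}

# Returns 0 if affected, 1 if outside the range, 2 if the string is not a version.
compose_is_affected() {
    ver=$(normalize "$1")
    case $ver in
        ''|*[!0-9.]*) return 2 ;;
    esac
    [ "$(ver_cmp "$ver" "$AFFECTED_MIN")" -ge 0 ] &&
        [ "$(ver_cmp "$ver" "$AFFECTED_MAX")" -le 0 ]
}

# Report on the locally installed Compose plugin, if there is one.
if command -v docker >/dev/null 2>&1; then
    installed=$(docker compose version --short 2>/dev/null || true)
    if [ -n "$installed" ] && compose_is_affected "$installed"; then
        echo "Docker Compose $installed is in the affected range"
    elif [ -n "$installed" ]; then
        echo "Docker Compose $installed is not in the affected range"
    fi
fi
```

Components are compared numerically rather than as strings, so a version such as 2.29.10 is correctly treated as later than 2.29.7.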