5.3

Action Package Scan and Archive Functions Can Cause System Slowdown

GHSA-54p8-x2m9-c593
Summary

The Action package's scan and archive functions can leak system resources and slow down your system if not fixed. This can happen when the system is under heavy use. To fix this, update to the latest version of the package.

What to do
  • Update github.com chainguard-dev to version 1.21.0.
Affected software
Vendor | Product | Affected versions | Fix available
-- | -- | -- | --
github.com | chainguard-dev | <= 1.21.0 | 1.21.0
Original title
malcontent: Error-path cleanup gap can leak scanners and fds and degrade availability
Original description
Several extraction and scanning code paths registered late defers which could leak resources and exhaust system resources.

This report is an aggregate of these individual reports for the affected code:
Advisory | Affected File
-- | --
`GHSA-jjgh-mc5q-gch7` | `pkg/action/scan.go`
`GHSA-mwmf-fxh2-w4x7` | `pkg/archive/deb.go`
`GHSA-p8j3-rpf5-gwv3` | `pkg/archive/gzip.go`
`GHSA-qfh4-7f5v-75gq` | `pkg/archive/zlib.go`
`GHSA-wxxf-r586-5rf5` | `pkg/archive/bzip2.go`

**Fix**: #1354, #1355, #1356, #1361
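
The late-defer pattern described above, as an added Go example that is not malcontent's own code: `lateDefer` returns on a bad gzip header before its cleanup is registered, while `earlyDefer` registers cleanup right after acquisition. The names `tracked`, `acquire`, `lateDefer`, `earlyDefer` and `leakedAfter` are hypothetical, and a counter stands in for real file descriptors and scanners.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"fmt"
	"io"
)

// open counts live handles; tracked is a hypothetical stand-in for a file or scanner.
var open int
type tracked struct{ io.Reader }

func acquire(data []byte) *tracked { open++; return &tracked{bytes.NewReader(data)} }
func (t *tracked) Close() error    { open--; return nil }

// lateDefer registers cleanup only after all setup has succeeded.
func lateDefer(data []byte) (int64, error) {
	src := acquire(data)
	zr, err := gzip.NewReader(src)
	if err != nil {
		return 0, err // error path: src is never closed
	}
	defer src.Close()
	defer zr.Close()
	return io.Copy(io.Discard, zr)
}

// earlyDefer registers cleanup right after each successful acquisition.
func earlyDefer(data []byte) (int64, error) {
	src := acquire(data)
	defer src.Close()
	zr, err := gzip.NewReader(src)
	if err != nil {
		return 0, err // deferred Close still runs
	}
	defer zr.Close()
	return io.Copy(io.Discard, zr)
}

// leakedAfter feeds fn n constructed malformed inputs and returns handles left open.
func leakedAfter(fn func([]byte) (int64, error), n int) int {
	open = 0
	for i := 0; i < n; i++ {
		_, _ = fn([]byte("not a gzip stream"))
	}
	return open
}
func main() { fmt.Println("late:", leakedAfter(lateDefer, 1000), "early:", leakedAfter(earlyDefer, 1000)) }
```

With real files each leaked handle is a file descriptor, so a long-running scan over many malformed archives eventually hits the process descriptor limit.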

**Acknowledgements**

Thank you to Oleh Konko from [1seal](https://1seal.org/) for discovering and reporting all six of these issues.
ghsa CVSS3.1 5.3
Vulnerability type
CWE-400 Uncontrolled Resource Consumption
Published: 2 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026