This advisory has been invalidated.
This advisory has been invalidated.
Advisories for Golang/K8s.io/Apimachinery package
2024
2023
Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON parsing
Unbounded recursion in JSON parsing allows malicious JSON input to cause excessive memory consumption or panics.
Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON parsing
Unbounded recursion in JSON parsing allows malicious JSON input to cause excessive memory consumption or panics.
Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON parsing
Unbounded recursion in JSON parsing allows malicious JSON input to cause excessive memory consumption or panics.
Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing
CVE-2019-11253 is a denial of service vulnerability in the kube-apiserver, allowing authorized users sending malicious YAML or JSON payloads to cause kube-apiserver to consume excessive CPU or memory, potentially crashing and becoming unavailable. When creating a ConfigMap object which has recursive references contained in it, excessive CPU usage can occur. This appears to be an instance of a "Billion Laughs" attack which is quite well known as an XML parsing …