​
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-7mwh-q3cw-f4g8

Published

Last updated

https://images.chainguard.dev/security/CGA-7mwh-q3cw-f4g8
Package

kubeflow-pipelines

Latest Update
Not affected
Aliases
  • CVE-2019-11253
  • GHSA-pmqp-h87c-mr78

Severity

7.5

High

CVSS V3

Summary

XML Entity Expansion and Improper Input Validation in Kubernetes API server

Description

Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.

Specific Go Packages Affected

k8s.io/kubernetes/pkg/apiserver

References

Updates

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsOpen SourceCareersNewsroomLegal

Resources

Unchained BlogResearchEventsTrust CenterDocumentation