Security Advisories

CGA-w892-3j99-vg54

Published

Last updated

https://images.chainguard.dev/security/CGA-w892-3j99-vg54

Package

kubeflow-pipelines

Latest Update

Not affected

Aliases

CVE-2019-1002100
GHSA-q4rr-64r9-fwgf

Severity

6.5

Medium

CVSS V3

Summary

Kubernetes DoS Vulnerability

Description

In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. kubectl patch --type json or "Content-Type: application/json-patch+json") that consumes excessive resources while processing, causing a Denial of Service on the API Server.

References

https://nvd.nist.gov/vuln/detail/CVE-2019-1002100
https://github.com/advisories/GHSA-q4rr-64r9-fwgf
https://github.com/kubernetes/kubernetes/issues/74534
https://access.redhat.com/errata/RHSA-2019:1851
https://access.redhat.com/errata/RHSA-2019:3239
https://github.com/kubernetes/kubernetes
https://groups.google.com/forum/#!topic/kubernetes-announce/vmUUNkYfG9g
https://security.netapp.com/advisory/ntap-20190416-0002
https://web.archive.org/web/20210125011246/https://www.securityfocus.com/bid/107290

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-w892-3j99-vg54

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources