CVE-2019-11254

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2019-11254

Severity

Unknown

Description

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.

References

https://images.chainguard.dev/security/CGA-c7mh-q2h5-qwr6
https://github.com/advisories/GHSA-wxc4-f4m6-wwqv
https://security.netapp.com/advisory/ntap-20200413-0003/
https://github.com/kubernetes/kubernetes/issues/89535
https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
https://security-tracker.debian.org/tracker/CVE-2019-11254

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2019-11254

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources