CVE-2019-11254

Summary

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.

Affected Software

VendorProductVersion RangeStatus
KubernetesKubernetesprior to 1.15.10affected
KubernetesKubernetesprior to 1.16.7affected
KubernetesKubernetesprior to 1.17.3affected
KubernetesKubernetes1.1affected
KubernetesKubernetes1.2affected
KubernetesKubernetes1.3affected
KubernetesKubernetes1.4affected
KubernetesKubernetes1.5affected
KubernetesKubernetes1.6affected
KubernetesKubernetes1.7affected
KubernetesKubernetes1.8affected
KubernetesKubernetes1.9affected
KubernetesKubernetes1.10affected
KubernetesKubernetes1.11affected
KubernetesKubernetes1.12affected
KubernetesKubernetes1.13affected
KubernetesKubernetes1.14affected

Weaknesses

  • CWE-1050: CWE-1050: Excessive Platform Resource Consumption within a Loop

ADP Enrichment

CVE Program Container

Additional References

References