CVE-2019-11254

ADVISORY - github

Summary

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.

EPSS Score⁠: 0.0011 (0.303)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-1050⁠

Excessive Platform Resource Consumption within a Loop

CWE-other⁠

ADVISORY - github

CWE-1050⁠

Excessive Platform Resource Consumption within a Loop

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-400⁠

Uncontrolled Resource Consumption

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.