Lucene search

Kubectl/API Server YAML parsing vulnerable to "Billion Laughs" Attack

🗓️ 17 Oct 2019 00:00:00Reported by AttackerKBType

Improper input validation in Kubernetes API server v1.0-1.12 and prior to v1.13.12, v1.14.8, v1.15.5, v1.16.2 allows malicious YAML/JSON payloads to cause DoS

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 92
Tenable Nessus	RHEL 7 / 8 : OpenShift Container Platform 4.1.20 openshift (RHSA-2019:3132)	17 Oct 201900:00	–	nessus
Tenable Nessus	RHEL 8 : Red Hat OpenShift Service Mesh 1.0 servicemesh-cni (RHSA-2020:2870)	7 Jul 202000:00	–	nessus
Tenable Nessus	RHEL 8 : Red Hat OpenShift Service Mesh 1.0 servicemesh-prometheus (RHSA-2020:2863)	7 Jul 202000:00	–	nessus
Tenable Nessus	RHEL 8 : Red Hat OpenShift Service Mesh servicemesh-cni (RHSA-2020:2799)	1 Jul 202000:00	–	nessus
Tenable Nessus	Photon OS 1.0: Kubernetes PHSA-2020-1.0-0264	16 Jan 202000:00	–	nessus
Tenable Nessus	RHEL 7 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2019:3905)	20 Nov 201900:00	–	nessus
Tenable Nessus	RHEL 8 : Red Hat OpenShift Service Mesh 1.1 servicemesh-operator (RHSA-2020:2795)	1 Jul 202000:00	–	nessus
Tenable Nessus	Photon OS 3.0: Kubernetes PHSA-2019-3.0-0031	22 Oct 201900:00	–	nessus
Tenable Nessus	RHEL 7 : OpenShift Container Platform 3.10 atomic-openshift (RHSA-2019:3239)	30 Oct 201900:00	–	nessus
Tenable Nessus	RHEL 7 : OpenShift Container Platform 3.9 atomic-openshift (RHSA-2019:3811)	8 Nov 201900:00	–	nessus

Source	Link
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
github	www.github.com/kubernetes/kubernetes/issues/83253
groups	www.groups.google.com/forum
access	www.access.redhat.com/errata/RHSA-2019:3239
security	www.security.netapp.com/advisory/ntap-20191031-0006
access	www.access.redhat.com/errata/RHSA-2019:3811
access	www.access.redhat.com/errata/RHSA-2019:3905

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 Oct 2019 00:00Current

1.1Low risk

Vulners AI Score1.1

EPSS0.39799