In affected versions, crossplane-runtime allows highly privileged users to specify an arbitrarily high index in a patch's `ToFieldPath`, leading to excessive memory usage and a potential OOM kill. Upgrading to version 1.11.2, 1.10.3, or 1.9.2 is advised.

Reporter | Title | Published | Views | Family |
---|---|---|---|---|
Github Security Blog | Crossplane-runtime contains Improper Input Validation via Compositions | 10 Mar 2023 23:47 | – | github |
Veracode | Denial Of Service (DoS) | 12 Mar 2023 12:00 | – | veracode |
NVD | CVE-2023-27484 | 9 Mar 2023 21:15 | – | nvd |
OSV | CGA-pgw2-jmgx-j6r6 | 6 Jun 2024 12:28 | – | osv |
OSV | Crossplane-runtime contains Improper Input Validation via Compositions | 10 Mar 2023 23:47 | – | osv |
OSV | CVE-2023-27484 | 9 Mar 2023 21:15 | – | osv |
Cvelist | CVE-2023-27484 Unchecked fieldpath index in Composition's patches can lead to arbitrary memory allocation in crossplane | 9 Mar 2023 20:22 | – | cvelist |
Prion | Code injection | 9 Mar 2023 21:15 | – | prion |

```json
[
  {
    "vendor": "crossplane",
    "product": "crossplane",
    "versions": [
      {
        "version": "< 1.9.2",
        "status": "affected"
      },
      {
        "version": ">= 1.10.0, < 1.10.3",
        "status": "affected"
      },
      {
        "version": ">= 1.11.0, < 1.11.2",
        "status": "affected"
      }
    ]
  }
]
```