CVE-2023-27484

🗓️ 09 Mar 2023 21:11:15Reported by [email protected]Type

Crossplane-runtime allows high-privileged users to create or update Compositions with a high index in `ToFieldPath`, leading to excessive memory usage

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 10
Veracode	Denial Of Service (DoS)	12 Mar 202312:00	–	veracode
Vulnrichment	CVE-2023-27484 Unchecked fieldpath index in Composition's patches can lead to arbitrary memory allocation in crossplane	9 Mar 202320:22	–	vulnrichment
Github Security Blog	Crossplane-runtime contains Improper Input Validation via Compositions	10 Mar 202323:47	–	github
OSV	CGA-PGW2-JMGX-J6R6	6 Jun 202412:28	–	osv
OSV	GHSA-V829-X6HH-CQFQ Crossplane-runtime contains Improper Input Validation via Compositions	10 Mar 202323:47	–	osv
OSV	CVE-2023-27484	9 Mar 202321:15	–	osv
Cvelist	CVE-2023-27484 Unchecked fieldpath index in Composition's patches can lead to arbitrary memory allocation in crossplane	9 Mar 202320:22	–	cvelist
RedhatCVE	CVE-2023-27484	23 May 202502:25	–	redhatcve
Prion	Code injection	9 Mar 202321:15	–	prion
CVE	CVE-2023-27484	9 Mar 202321:15	–	cve

Nvd

Node

crossplane crossplaneRange1.9.0–1.9.2

crossplane crossplaneRange1.10.0–1.10.3

crossplane crossplaneRange1.11.0–1.11.2

Source	Link
github	www.github.com/crossplane/crossplane/security/advisories/GHSA-v829-x6hh-cqfq

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

09 Mar 2023 21:15Current

6.2Medium risk

Vulners AI Score6.2

CVSS34.9 - 6.2

EPSS0.00086