EUVD-2023-1111

Malicious code in bioql PyPI...

CVE-2023-27483

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the Paved type's SetValue method with user provided input without proper...

CVE-2023-27484

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...

fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime

Summary Fuzz testing on crossplane/crossplane, by Ada Logics and sponsored by the CNCF, identified input to a function in the fieldpath package that can cause an out of memory panic. Applications that use the Paved type's SetValue method with user provided input without proper validation might us...

Denial Of Service (DoS)

github.com/crossplane/crossplane is vulnerable to Denial Of Service DoS. The vulnerability exists due to the github.com/crossplane/crossplane-runtime dependency used in the library, which allows an attacker to insert elements into arrays at an arbitrary index, causing excessive memory consumption...

Denial Of Service (DoS)

github.com/crossplane/crossplane-runtime is vulnerable to Denial Of Service DoS. The vulnerability exists due to the Pave and setValue functions in paved.go because it does not enforce the max index size of a field path, allowing an attacker to use excessive memory and cause an application crash...

CVE-2023-27484

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...

CVE-2023-27483

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the Paved type's SetValue method with user provided input without proper...

CVE-2023-27484

Summary : CVE-2023-27484 affects crossplane-runtime (Go libraries) used for building Kubernetes controllers in Crossplane stacks. A highly privileged user who can create or update Compositions can specify an arbitrarily high index in a patch’s ToFieldPath. If the index exceeds the current target ...

CVE-2023-27484 Unchecked fieldpath index in Composition's patches can lead to arbitrary memory allocation in crossplane

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...

CVE-2023-27483 fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the Paved type's SetValue method with user provided input without proper...

CVE-2023-27483

CVE-2023-27483 affects crossplane-runtime: the fieldpath package’s Paved.SetValue can grow slices to very large sizes when given unvalidated input, causing an out-of-memory panic. Affected code path is the Paved.SetValue method that writes values along a path without validation, with the index ca...

CVE-2023-27483 fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the Paved type's SetValue method with user provided input without proper...

CVE-2023-27483 fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the Paved type's SetValue method with user provided input without proper...

crossplane 资源管理错误漏洞

crossplane is a framework for building cloud-native control planes without writing code. A resource management error vulnerability exists in crossplane-runtime that stems from user-supplied input that is not properly validated, which could use too much memory and lead to out of memory...

crossplane 资源管理错误漏洞

crossplane is a framework for building cloud-native control planes without writing code. A resource management error vulnerability exists in crossplane-runtime. An attacker could exploit this vulnerability to cause an out-of-memory condition...

PT-2023-21159 · Unknown · Crossplane-Runtime

Name of the Vulnerable Software and Affected Versions: crossplane-runtime versions prior to 0.16.1 crossplane-runtime versions prior to 0.19.2 Description: An out of memory panic issue has been discovered in crossplane-runtime, a set of Go libraries used to build Kubernetes controllers in...