2 matches found
GHSA-Q93Q-V844-JRQP vulnerabilities
Vulnerabilities for packages: kyverno-notation-aws...
Kyverno's Improper JMESPath Variable Evaluation Lead to Denial of Service
Summary A Denial of Service DoS vulnerability exists in Kyverno due to improper handling of JMESPath variable substitutions. Attackers with permissions to create or update Kyverno policies can craft expressions using the @ variable combined with a pipe and an invalid JMESPath function e.g., @ |...