2 matches found
CVE-2023-38495
Crossplane versions prior to 1.11.5, 1.12.3, and 1.13.0 have a flaw in the image backend where the byte contents of packages are not validated, allowing tampering to go undetected. The vulnerability is fixed in 1.11.5, 1.12.3, and 1.13.0. Workarounds include using images from trusted sources and ...
CVE-2023-37900
Crossplane vulnerability CVE-2023-37900 allows a high-privilege user to create a Package referencing an arbitrarily large image, which Crossplane may parse and exhaust memory, potentially causing the container to be OOMKilled. Impact is mitigated by the need for high privileges and the eventual c...