Lucene search
Veracode Vulnerability DatabaseVERACODE:35452HistoryMay 09, 2022 - 7:43 a.m.
Denial Of Service (DoS)
2022-05-0907:43:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
0.001 Low
EPSS
Percentile
34.8%
github.com/fluxcd/kustomize-controller is vulnerable to denial of service. An attacker can access files outside the expected directory via a malicious kustomization.yaml and cause an application crash at the controller level.
References
github.com/fluxcd/flux2/commit/5536af9756b6a55139855b385b557f3f92ffca14
github.com/fluxcd/flux2/pull/2611
github.com/fluxcd/flux2/security/advisories/GHSA-7pwf-jg34-hxwp
github.com/fluxcd/kustomize-controller/commit/39872cd02f2354360e8dc5323a251c5435e03eb6
github.com/fluxcd/kustomize-controller/pull/620
Related
cvelist
cvelist
osv
osv
Improper path handling in Kustomization files allows for denial of service
2022-05-20 16:58:38
CVE-2022-24878
2022-05-06 02:15:07
BIT-kustomize-2022-24878
2024-03-06 10:55:18
cve
cve
CVE-2022-24878
2022-05-06 02:15:07
nvd
nvd
CVE-2022-24878
2022-05-06 02:15:07
prion
prion
Path traversal
2022-05-06 02:15:00
github
github
Improper path handling in Kustomization files allows for denial of service
2022-05-20 16:58:38