github.com/kubeedge/kubeedge is vulnerable to denial of service. The vulnerability exists in ExtractMessage
function because of a message response causing a nil-pointer dereference in CSI Driver controller server which allows an attacker to send malicious messages causing an application crash.
github.com/advisories/GHSA-x938-fvfw-7jh5
github.com/kubeedge/kubeedge/commit/6ae57ca235329ed318e32720e699aef07aff1459
github.com/kubeedge/kubeedge/commit/6c2b2298121a4695647a2e31df15169def547222
github.com/kubeedge/kubeedge/commits/5d60ae9eabd6b6b7afe38758e19bbe8137664701
github.com/kubeedge/kubeedge/pull/3899
github.com/kubeedge/kubeedge/pull/3899/commits/5d60ae9eabd6b6b7afe38758e19bbe8137664701
github.com/kubeedge/kubeedge/pull/3947
github.com/kubeedge/kubeedge/pull/3948
github.com/kubeedge/kubeedge/security/advisories/GHSA-x938-fvfw-7jh5