github.com/kubeedge/kubeedge is vulnerable to denial of service. An attacker can crash the application by sending a malicious HTTP request with a large body into the processMessage function of servicebus.go when users have enabled the ServiceBus module in the edgecore.yaml config file.
github.com/kubeedge/kubeedge/commit/327096ebe250185f1a4439394a7c027b72639cb3
github.com/kubeedge/kubeedge/commit/7420c09bb311099f61d79a051ce5446976b1ea4e
github.com/kubeedge/kubeedge/commit/8145284d40da35c493104abcf5667376c6f7e6b9
github.com/kubeedge/kubeedge/pull/4038
github.com/kubeedge/kubeedge/pull/4039
github.com/kubeedge/kubeedge/pull/4042
github.com/kubeedge/kubeedge/security/advisories/GHSA-vwm6-qc77-v2rh