github.com/kubeedge/kubeedge is vulnerable to denial of service (DoS) attacks. An attacker is able to cause denial of service conditions via memory exhaustion by sending a specially crafted HTTP request with a large body through the signEdgeCert function in server.go.
github.com/kubeedge/kubeedge/commit/27a6957ee7685884a7d9b3d87c13f61625cb3bc9
github.com/kubeedge/kubeedge/commit/6ccb68fae799d210d9f304df9cba210c492432a7
github.com/kubeedge/kubeedge/commit/ecca82fd5d0b0891dbd562f4d4349443d958b9df
github.com/kubeedge/kubeedge/pull/4038
github.com/kubeedge/kubeedge/pull/4039
github.com/kubeedge/kubeedge/pull/4042
github.com/kubeedge/kubeedge/security/advisories/GHSA-x3px-2p95-f6jr