MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2019-11254

CVSS 6.5v3.1pub. 2020-04-01upd. 2024-11-21

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • Kubernetes

    APP
    Kubernetes
    < 1.15.101.16.0 – 1.16.7 (bez)1.17.0 – 1.17.3 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Container
CWE
References

Related vulnerabilities

CVE-2026-33519CRITICAL9.8PL ✓ten sam produkt

Nieprawidłowa autoryzacja w Esri Portal for ArcGIS — obejście uprawnień

CVE-2025-57870CRITICAL10.0PL ✓ten sam produkt

SQL Injection w Esri ArcGIS Server — zdalny dostęp bez uwierzytelnienia

CVE-2018-1002105CRITICAL9.8ten sam produkt

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to p...

CVE-2017-1000056CRITICAL9.8ten sam produkt

Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plug...

CVE-2016-1906CRITICAL9.8ten sam produkt

Openshift allows remote attackers to gain privileges by updating a build configuration that was created with a...