VYPR
Moderate severity · NVD Advisory · Published Apr 1, 2020 · Updated Sep 16, 2024

Kubernetes API Server denial of service vulnerability from malicious YAML payloads

CVE-2019-11254

Description

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| gopkg.in/yaml.v2 (Go) | < 2.2.8 | 2.2.8 |
| github.com/go-yaml/yaml (Go) | <= 2.1.0 | |
