VYPR
Medium severity4.4GHSA Advisory· Published Dec 12, 2024· Updated Apr 15, 2026

CVE-2024-12401

CVE-2024-12401

Description

A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/cert-manager/cert-managerGo
< 1.12.141.12.14
github.com/cert-manager/cert-managerGo
>= 1.13.0-alpha.0, < 1.15.41.15.4
github.com/cert-manager/cert-managerGo
>= 1.16.0-alpha.0, < 1.16.21.16.2

Affected products

64

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.