CVE-2019-11253: PKS is vulnerable to a YAML/JSON parsing "Billion Laughs" Attack
23730
03 March 2020
CLOSED
Severity
High
Vendor
Pivotal
Description
Pivotal Container Service (PKS), 1.5 versions prior to 1.5.2, ships a vulnerable version of the Kubernetes API server (kube-apiserver). Any user authorized to submit objects to the API server can send a crafted YAML or JSON payload, for example YAML whose nested anchors and aliases (the "billion laughs" pattern) make a few kilobytes of input expand into an enormous in-memory document. Parsing such a payload consumes excessive CPU or memory and can crash the API server, leaving the cluster control plane unavailable.
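The following is an added illustration of the payload shape behind this class of bug and of the generic countermeasure, bounding alias expansion before anything is allocated. It is example code written for this page, not code from Pivotal, VMware or the Kubernetes project, and it deliberately avoids any YAML library: the tiny parser it contains understands only the one-line flow-sequence shape its own generator emits. The budget value `limit` is an illustrative assumption, not the figure used by any real YAML implementation.

```python
"""Constructed "billion laughs" YAML and an alias-expansion budget.

Added example, not Kubernetes or PKS code. The generator builds the classic
anchor/alias pyramid; the counter computes how many scalars a parser would
materialise if it expanded every alias, without building them.
"""
import re

# Accepts only lines of the form:  key: &anchor [item, item, ...]
_LINE = re.compile(r"^(?P<key>\w+): &(?P<anchor>\w+) \[(?P<items>.*)\]$")


def billion_laughs_yaml(depth: int = 9, fanout: int = 9) -> str:
    """Level 0 is a flow sequence of `fanout` scalars; each later level is a
    flow sequence of `fanout` aliases to the level below. The text grows
    linearly with `depth`, the expanded document grows as fanout ** depth."""
    lines = ["a0: &a0 [" + ", ".join(["lol"] * fanout) + "]"]
    for level in range(1, depth + 1):
        alias = "*a%d" % (level - 1)
        lines.append("a%d: &a%d [%s]" % (level, level, ", ".join([alias] * fanout)))
    return "\n".join(lines) + "\n"


def expanded_scalar_count(doc: str) -> int:
    """Return the number of scalars the document holds after alias expansion.

    Resolves anchors in document order, so each alias costs a dictionary
    lookup rather than a copy. Raises ValueError on lines outside the
    restricted shape or on an alias to an undefined anchor."""
    anchors = {}  # anchor name -> expanded scalar count
    total = 0
    for raw in doc.splitlines():
        if not raw.strip():
            continue
        m = _LINE.match(raw)
        if m is None:
            raise ValueError("unsupported line: %r" % raw)
        count = 0
        for item in [s.strip() for s in m.group("items").split(",") if s.strip()]:
            if item.startswith("*"):
                name = item[1:]
                if name not in anchors:
                    raise ValueError("alias to undefined anchor %r" % name)
                count += anchors[name]
            else:
                count += 1
        anchors[m.group("anchor")] = count
        total += count
    return total


def within_alias_budget(doc: str, limit: int = 1_000_000) -> bool:
    """Decide before allocating. Capping total alias expansion is the generic
    fix for this bug class; `limit` here is an illustrative value only."""
    return expanded_scalar_count(doc) <= limit


if __name__ == "__main__":
    payload = billion_laughs_yaml()
    print("payload bytes     :", len(payload.encode()))
    print("expanded scalars  :", expanded_scalar_count(payload))
    print("within budget     :", within_alias_budget(payload))
```

Running the block shows the asymmetry that makes the attack work: the default payload is a few hundred bytes of text but would expand to several billion scalars, which is what a naive parser tries to build on the API server's heap. The counter rejects it in microseconds because it tracks counts instead of nodes; a production parser applies the same idea by keeping a running total of alias expansions and aborting once the budget is exceeded.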
Affected VMware Products and Versions
Severity is high unless otherwise noted.
- Pivotal Container Service (PKS)
- 1.5 versions prior to 1.5.2
Mitigation
- Pivotal Container Service (PKS)
- 1.5.2
References
History
2020-03-03: Initial vulnerability report published.