CVE-2019-11253: PKS is vulnerable to a YAML/JSON parsing "Billion Laughs" Attack
Severity
High
Vendor
Pivotal
Description
Pivotal Container Service, 1.5 versions prior to 1.5.2, contains a vulnerable version of the Kubernetes API server, which allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable.
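A defender-side pre-parse guard of the kind that bounds this class of payload, added here as an example (not Pivotal's or Kubernetes' code; CountAliases, GuardYAML and ErrExcessiveAliases are names chosen for this example): it counts YAML alias references in a request body and rejects the document when it exceeds a budget, before the real parser expands them, so a nested-alias document fails fast instead of driving the API server's CPU and memory up.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrExcessiveAliases is returned when a payload exceeds the alias budget.
var ErrExcessiveAliases = errors.New("yaml: alias count exceeds limit")

// isAnchorChar reports whether c can start an anchor or alias name.
func isAnchorChar(c byte) bool {
	return c == '_' || c == '-' || (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
}

// CountAliases makes one conservative pass over a YAML document and returns
// the number of '&anchor' definitions and '*alias' references. Comments are
// skipped; a '*' inside a plain or quoted scalar may be over-counted but never missed.
// Hypothetical helper written for this example, not the API server's parser.
func CountAliases(doc string) (anchors, aliases int) {
	sep := true // previous byte was whitespace or a flow indicator
	for i := 0; i < len(doc); i++ {
		c := doc[i]
		switch {
		case c == '#' && sep: // comment: skip to end of line
			for i < len(doc) && doc[i] != '\n' {
				i++
			}
			c = '\n'
		case (c == '&' || c == '*') && sep && i+1 < len(doc) && isAnchorChar(doc[i+1]):
			if c == '&' {
				anchors++
			} else {
				aliases++
			}
		}
		sep = c == ' ' || c == '\t' || c == '\n' || c == '\r' || c == '[' || c == '{' || c == ',' || c == ':'
	}
	return anchors, aliases
}

// GuardYAML rejects a document with more than maxAliases alias references before it
// reaches the real parser; aliases nested inside anchored nodes multiply on expansion,
// so a small budget bounds the CPU and memory a single request can consume.
func GuardYAML(doc string, maxAliases int) error {
	if _, aliases := CountAliases(doc); aliases > maxAliases {
		return fmt.Errorf("%w: %d aliases, limit %d", ErrExcessiveAliases, aliases, maxAliases)
	}
	return nil
}
```

Run the guard on the raw request body ahead of the YAML decoder and pair it with an overall body-size limit; JSON has no aliases, so the matching control on that path is a nesting-depth limit.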
Affected VMware Products and Versions
Severity is high unless otherwise noted.
- Pivotal Container Service (PKS)
  - 1.5 versions prior to 1.5.2
Mitigation
Users of affected versions should apply the following mitigation or upgrade. Releases that have fixed this issue include:
- Pivotal Container Service (PKS)
  - 1.5.2
References
History
2020-03-03: Initial vulnerability report published.