Flux · Flux · CVE-2022-39272
**Name of the Vulnerable Software and Affected Versions**
Flux (flux2) versions prior to 0.35.0, including the Flux controllers shipped with those releases
**Description**
The issue is a Denial of Service in Flux, an open and extensible continuous delivery solution for Kubernetes. A user with permission to change Flux objects, either through a Flux source or directly in the cluster, can set the fields `spec.interval` or `spec.timeout` to a value that the API server accepts but the controller cannot parse. Because the controller decodes all objects of a kind together, one such object causes reconciliation of the entire object type to stop. There are two root causes: the Kubernetes type `metav1.Duration` is not fully compatible with the Go type `time.Duration` (the field is stored as an arbitrary string but parsed with `time.ParseDuration`, so strings such as an unknown unit or a value that overflows `time.Duration` are stored and then rejected at decode time), and Flux performed no validation of its own to restrict the allowed values.
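The following added example is not Flux's code or the Kubernetes library's code; it reproduces the failure mode with standard-library Go only. The `Duration` type is a stand-in that mimics how `metav1.Duration` is decoded (a JSON string parsed with `time.ParseDuration`), `DecodeList` stands in for an informer decoding a List response, and `ValidateDuration` shows the kind of check a CRD pattern or an admission policy can impose before such a value is stored. The regular expression and the rejection of zero and negative values are this example's assumptions, not the exact rules the project adopted.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"time"
)

// Duration mimics k8s.io/apimachinery's metav1.Duration: a string on the wire,
// parsed with time.ParseDuration when decoded into Go. It is a stand-in so the
// example runs without the Kubernetes modules (assumption: same parse rule).
type Duration struct {
	time.Duration
}

// UnmarshalJSON rejects anything time.ParseDuration cannot handle, even though
// a CRD schema of plain "type: string" let the API server store it.
func (d *Duration) UnmarshalJSON(b []byte) error {
	var s string
	if err := json.Unmarshal(b, &s); err != nil {
		return err
	}
	pd, err := time.ParseDuration(s)
	if err != nil {
		return err
	}
	d.Duration = pd
	return nil
}

// Spec carries the two fields named in the advisory.
type Spec struct {
	Interval Duration  `json:"interval"`
	Timeout  *Duration `json:"timeout,omitempty"`
}

// Object is a minimal stand-in for a Flux custom resource.
type Object struct {
	Name string `json:"name"`
	Spec Spec   `json:"spec"`
}

// DecodeList decodes a JSON array the way an informer decodes a List response.
// A single undecodable element fails the whole batch, which is the mechanism
// behind "the entire object type stops being processed".
func DecodeList(listJSON string) ([]Object, error) {
	var objs []Object
	if err := json.Unmarshal([]byte(listJSON), &objs); err != nil {
		return nil, err
	}
	return objs, nil
}

// durationPattern is an illustrative restriction (hypothetical, not the
// project's exact regex): one or more <number><unit> groups, units limited to
// ms, s, m and h, no sign character.
var durationPattern = regexp.MustCompile(`^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$`)

// ValidateDuration is the admission-time check: accept only strings that match
// the pattern and also parse as a positive, non-overflowing Go duration.
func ValidateDuration(raw string) error {
	if !durationPattern.MatchString(raw) {
		return fmt.Errorf("%q does not match %s", raw, durationPattern)
	}
	d, err := time.ParseDuration(raw)
	if err != nil {
		return fmt.Errorf("%q is not a valid Go duration: %w", raw, err)
	}
	if d <= 0 {
		return fmt.Errorf("%q must be greater than zero", raw)
	}
	return nil
}

func main() {
	// Constructed sample data: a clean list and one containing a bad interval.
	good := `[{"name":"a","spec":{"interval":"1m"}},{"name":"b","spec":{"interval":"5m","timeout":"60s"}}]`
	bad := `[{"name":"a","spec":{"interval":"1m"}},{"name":"evil","spec":{"interval":"1x"}}]`

	if objs, err := DecodeList(good); err == nil {
		fmt.Println("decoded", len(objs), "objects")
	}
	if _, err := DecodeList(bad); err != nil {
		fmt.Println("whole list rejected, object a included:", err)
	}
	for _, v := range []string{"1m", "1h30m", "1x", "-1m", "9999999999999999999h", "0s"} {
		fmt.Printf("%-22q -> %v\n", v, ValidateDuration(v))
	}
}
```

Note that object `a` is perfectly valid yet is never returned once `evil` is in the same list; that is why a single tampered object is enough to stall every resource of that kind. The overflow case (`9999999999999999999h`) passes the regular expression and is only caught because `ValidateDuration` also runs `time.ParseDuration`, so a pattern alone is not sufficient.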
**Recommendations**
For versions prior to 0.35.0, upgrade to version 0.35.0 or later, which validates these fields before an object is accepted.
As a temporary workaround, an admission controller can be used to restrict the values allowed in `spec.interval` and `spec.timeout` to well-formed durations. Upgrading remains the recommended mitigation.