PT-2020-9171 · Kubernetes · Kubernetes API Server
Mike Danese · Published 2020-03-31 · Updated 2025-01-07
CVE-2019-11254
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Kubernetes API Server versions 1.1 through 1.14
Kubernetes API Server versions prior to 1.15.10
Kubernetes API Server versions prior to 1.16.7
Kubernetes API Server versions prior to 1.17.3
Description
An authorized user can send crafted YAML payloads that cause the kube-apiserver to consume excessive CPU cycles while parsing them. The cost comes from unbounded alias expansion in the crafted YAML, so the flaw is usable as a denial-of-service vector wherever the API server parses user-supplied input, and can drive significant system resource consumption.
Recommendations
For versions 1.1 through 1.14, update to a version after 1.14.
For versions prior to 1.15.10, update to version 1.15.10 or later.
For versions prior to 1.16.7, update to version 1.16.7 or later.
For versions prior to 1.17.3, update to version 1.17.3 or later.
As a temporary workaround, consider restricting the parsing of user-supplied YAML files to minimize the risk of exploitation.
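The description above attributes the CPU cost to unbounded alias expansion, and the workaround is to restrict what user-supplied YAML is parsed. The following is an added example, not code from the advisory or from Kubernetes: a dependency-free Python pre-parse guard that estimates how many nodes a document's anchors and aliases would expand to and rejects it before a real YAML parser ever sees it. The anchor/alias scanning is a regex heuristic over raw text, the expansion budget of 1000 is an assumed value chosen for this example, and both sample documents are constructed for illustration.

```python
import re
from typing import Dict, List

# Heuristic scanners for YAML anchors (&name) and aliases (*name). They operate on
# raw text, so a '&' or '*' inside a quoted scalar is a false positive; that is
# acceptable for a guard whose only job is to decide whether the document may be
# handed to the real parser.
ANCHOR_RE = re.compile(r"&([A-Za-z0-9_.-]+)")
ALIAS_RE = re.compile(r"\*([A-Za-z0-9_.-]+)")


def _indent(line: str) -> int:
    return len(line) - len(line.lstrip(" "))


def anchor_graph(text: str) -> Dict[str, List[str]]:
    """Map each anchor name to the alias names referenced inside its body.

    The body is the remainder of the defining line plus every following
    non-blank line indented deeper than it (the block scope of that node).
    """
    lines = text.splitlines()
    graph: Dict[str, List[str]] = {}
    for i, line in enumerate(lines):
        m = ANCHOR_RE.search(line)
        if not m:
            continue
        body = [line[m.end():]]
        base = _indent(line)
        for nxt in lines[i + 1:]:
            if not nxt.strip():
                continue
            if _indent(nxt) <= base:
                break
            body.append(nxt)
        graph[m.group(1)] = ALIAS_RE.findall("\n".join(body))
    return graph


def expansion_cost(graph: Dict[str, List[str]], name: str, _stack: tuple = ()) -> float:
    """Nodes materialised when *name is dereferenced: the anchored node itself
    plus, recursively, everything its own aliases expand to. Nested aliasing
    therefore multiplies level by level. A cycle (invalid YAML anyway) is
    treated as unbounded; an unknown anchor costs 1, the parser will reject it."""
    if name in _stack:
        return float("inf")
    total: float = 1
    for child in graph.get(name, []):
        total += expansion_cost(graph, child, _stack + (name,))
    return total


def alias_expansion_estimate(text: str) -> float:
    """Total nodes that all alias dereferences in the document would produce."""
    graph = anchor_graph(text)
    return sum(expansion_cost(graph, a) for a in ALIAS_RE.findall(text))


def is_safe_yaml(text: str, max_expansion: int = 1000) -> bool:
    """Admission check: reject before parsing when the estimate exceeds the
    budget. The default budget is an assumption for this example, not a value
    taken from Kubernetes or any YAML library."""
    return alias_expansion_estimate(text) <= max_expansion


# Constructed sample: ordinary anchor reuse; two dereferences expand to 2 nodes.
BENIGN = """\
defaults: &defaults
  image: registry.example.internal/app:1.0
  resources:
    limits: {cpu: "500m", memory: "256Mi"}
web:
  <<: *defaults
  replicas: 3
worker:
  <<: *defaults
  replicas: 1
"""

# Constructed sample of the nested-alias pattern the advisory describes, cut to
# four levels of nine: 36 aliases in five short lines expand to 8298 nodes.
HOSTILE = """\
a: &a ["x","x","x","x","x","x","x","x","x"]
b: &b [*a,*a,*a,*a,*a,*a,*a,*a,*a]
c: &c [*b,*b,*b,*b,*b,*b,*b,*b,*b]
d: &d [*c,*c,*c,*c,*c,*c,*c,*c,*c]
e: &e [*d,*d,*d,*d,*d,*d,*d,*d,*d]
"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("hostile", HOSTILE)):
        print(f"{label}: expansion={alias_expansion_estimate(doc):.0f} safe={is_safe_yaml(doc)}")
```

The estimate grows by a factor of the fan-out at every nesting level, which is exactly why a payload of a few hundred bytes can cost the parser a very large amount of work; an admission check of this kind belongs in front of any endpoint that accepts YAML from callers, in addition to running a parser version that bounds alias expansion itself.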
Affected Products
Alt Linux
Kubernetes
Kubernetes Api Server