PT-2024-36541 · Kubeflow · Kubeflow

Published 2024-06-06 · Updated 2024-09-23 · CVE-2024-5552

CVSS v3.1 7.5 High
Vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
kubeflow/kubeflow, all versions prior to the fixed version (no release containing a fix had been identified at the time of writing).

Description
The centraldashboard-angular backend component of kubeflow/kubeflow validates email addresses with a regular expression of inefficient (super-linear) complexity, which makes it vulnerable to Regular Expression Denial of Service (ReDoS). A remote, unauthenticated attacker can submit a specially crafted email string that forces the regular expression engine into catastrophic backtracking, so that a single request consumes an excessive amount of CPU time. Successful exploitation results in resource exhaustion and disruption of the service; confidentiality and integrity are not affected (CVSS vector C:N/I:N/A:H).

Recommendations
At the time of writing, no release containing a fix for this vulnerability has been identified. Until one is available, restrict network access to the centraldashboard-angular backend component so that only trusted clients can reach the code path that performs email validation, and avoid calling the vulnerable email validation function. As a temporary workaround, the email validation mechanism can be disabled; note that this removes an input check and should be reverted once a patched version is available. Because the cost of catastrophic backtracking grows with the length of the attacker-controlled string, rejecting over-long input before the regular expression runs bounds the worst case where validation cannot be disabled.
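The following is an added example for this advisory, not code from Kubeflow, the centraldashboard-angular backend, or the advisory itself. It uses a hypothetical email pattern with a nested quantifier (an assumption standing in for the real pattern, which the advisory does not reproduce) to show why a crafted string with no "@" makes the match time roughly double with each extra character, and places a hardened validator beside it that caps input length and uses a linear-time pattern. The hostile input is constructed inline.

```javascript
// Added example for this advisory; not code from Kubeflow or from the
// centraldashboard-angular backend. VULNERABLE_EMAIL_RE is a hypothetical
// stand-in chosen to show the same class of defect (nested quantifiers in an
// email regex), not the pattern from the affected component.

// Hypothetical vulnerable pattern. The outer "+" wraps an inner "+", so a run
// of n local-part characters can be split between the two quantifiers in
// 2^(n-1) ways; when the "@" that must follow never appears, the engine tries
// every split before giving up.
const VULNERABLE_EMAIL_RE = /^([a-zA-Z0-9._-]+)+@([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}$/;

// Linear-time pattern: no nested quantifiers, and each repeated class is
// separated from the next by a literal ("@" or ".") that the class itself
// cannot consume, so every character has one possible owner and a failed
// match backtracks at most once per character.
const SAFE_EMAIL_RE = /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*\.[a-zA-Z]{2,}$/;

const MAX_EMAIL_LEN = 254; // RFC 5321 limit on a forward/reverse path
const MAX_LOCAL_LEN = 64;  // RFC 5321 limit on the local part

// Constructed hostile input: n characters from the local-part class, then one
// character that is neither "@" nor in the class, so the match must fail.
function craftedInput(n) {
  return "a".repeat(n) + "!";
}

function validateEmailVulnerable(input) {
  return VULNERABLE_EMAIL_RE.test(input);
}

// Bare linear pattern, exposed so its cost can be timed on its own.
function matchSafePattern(input) {
  return SAFE_EMAIL_RE.test(input);
}

// Hardened validator: constant-cost rejections first (type, total length,
// local-part length, exactly one "@"), then the linear pattern.
function validateEmailSafe(input) {
  if (typeof input !== "string" || input.length > MAX_EMAIL_LEN) return false;
  const at = input.indexOf("@");
  if (at <= 0 || at > MAX_LOCAL_LEN || at !== input.lastIndexOf("@")) return false;
  return matchSafePattern(input);
}

// Wall-clock milliseconds for a single validation call (performance is a
// Node.js global since v16).
function timeValidator(validator, input) {
  const start = performance.now();
  validator(input);
  return performance.now() - start;
}

if (typeof require !== "undefined" && require.main === module) {
  // Each additional local-part character roughly doubles the vulnerable
  // pattern's time; the linear pattern stays flat even at 50,000 characters.
  for (let n = 14; n <= 22; n += 2) {
    const ms = timeValidator(validateEmailVulnerable, craftedInput(n));
    console.log(`vulnerable pattern, n=${n}: ${ms.toFixed(1)} ms`);
  }
  const msLinear = timeValidator(matchSafePattern, craftedInput(50000));
  console.log(`linear pattern, n=50000: ${msLinear.toFixed(3)} ms`);
}
```

Running the file under Node.js prints the timing of the vulnerable pattern for increasing n next to the linear pattern on a 50,000-character input. The hardened validator checks length and the position of "@" before any regular expression runs, so even if the pattern is later changed the worst-case cost stays bounded by the length cap.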

Exploit
DoS

Weakness Enumeration

Related Identifiers
CVE-2024-5552

Affected Products
Kubeflow