漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Crossplane vulnerable to denial of service from large image
Vulnerability Description
Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, a high-privileged user could create a Package referencing an arbitrarily large image containing that Crossplane would then parse, possibly resulting in exhausting all the available memory and therefore in the container being OOMKilled. The impact is limited due to the high privileges required to be able to create the Package and the eventually consistency nature of controller. This issue is fixed in versions 1.11.5, 1.12.3, and 1.13.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:L
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Crossplane 安全漏洞
Vulnerability Description
crossplane是一个无需编写代码即可构建云原生控制平面的框架。 Crossplane存在安全漏洞,该漏洞源于允许高权限用户创建任意大图像包导致Crossplane解析时资源耗尽,进而导致拒绝服务(DoS)。受影响的产品和版本:Crossplane 1.11.5及之前版本,1.12.3及之前版本,1.13.0及之前版本。
CVSS Information
N/A
Vulnerability Type
N/A