Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Crossplane vulnerable to denial of service from large image
Vulnerability Description
Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, a high-privileged user could create a Package referencing an arbitrarily large image containing that Crossplane would then parse, possibly resulting in exhausting all the available memory and therefore in the container being OOMKilled. The impact is limited due to the high privileges required to be able to create the Package and the eventually consistency nature of controller. This issue is fixed in versions 1.11.5, 1.12.3, and 1.13.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:L
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Crossplane 安全漏洞
Vulnerability Description
crossplane是一个无需编写代码即可构建云原生控制平面的框架。 Crossplane存在安全漏洞,该漏洞源于允许高权限用户创建任意大图像包导致Crossplane解析时资源耗尽,进而导致拒绝服务(DoS)。受影响的产品和版本:Crossplane 1.11.5及之前版本,1.12.3及之前版本,1.13.0及之前版本。
CVSS Information
N/A
Vulnerability Type
N/A