Vulnerability Information
Vulnerability Title
Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler
Vulnerability Description
Knative Serving builds on Kubernetes to support deploying and serving applications and functions as serverless containers. An attacker who controls a pod to the degree that they can control the responses from the /metrics endpoint can cause denial of service of the autoscaler through an unbounded memory allocation bug. This is a DoS vulnerability in which a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
Uncontrolled Resource Consumption (Resource Exhaustion)
Vulnerability Title
Knative Serving Security Vulnerability
Vulnerability Description
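Knative Serving, from Knative, is built on Kubernetes and supports deploying and serving applications and functions as serverless containers. Knative Serving contains a security vulnerability that stems from a memory allocation error and leads to denial of service of the autoscaler.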
CVSS Information
N/A
Vulnerability Type
N/A