Vulnerability Information
Vulnerability Title
ReDoS in kubeflow/kubeflow
Vulnerability Description
kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely exploit this vulnerability without authentication by providing specially crafted input that causes the application to consume an excessive amount of CPU resources. This vulnerability affects the latest version of kubeflow/kubeflow, specifically within the centraldashboard-angular backend component. The impact of exploiting this vulnerability includes resource exhaustion and service disruption.
CVSS Information
N/A
Vulnerability Type
CWE-1333
Vulnerability Title
Kubeflow Security Vulnerability
Vulnerability Description
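Kubeflow is an open-source cloud-native platform from Kubeflow. Kubeflow contains a security vulnerability that stems from its susceptibility to Regular Expression Denial of Service (ReDoS) attacks; an attacker can supply specially crafted input that causes the application to consume excessive CPU resources.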
CVSS Information
N/A
Vulnerability Type
N/A