Due to unbounded aliasing, a crafted YAML file can cause consumption of significant system resources. If parsing user supplied input, this may be used as a denial of service vector.

CPENameOperatorVersion
gopkg.in/yaml.v2lt2.2.8

CPE	Name	Operator	Version
	gopkg.in/yaml.v2	lt	2.2.8

References

bugs.chromium.org/p/oss-fuzz/issues/detail?id=18496

github.com/go-yaml/yaml/commit/53403b58ad1b561927d19068c655246f2db79d48

github.com/go-yaml/yaml/pull/555

redhatcve 1

ubuntucve 1

cgr 1

wolfi 1

nessus 4

osv 2

ibm 15

debiancve 1

veracode 1

prion 1

gitlab 1

cve 1

cvelist 1

nvd 1

github 1

broadcom 1

redhat 4

oraclelinux 4

f5 1

redhatcve

CVE-2019-11254

2020-04-01 00:32:01

ubuntucve

CVE-2019-11254

2020-04-01 00:00:00

cgr

CVE-2019-11254 vulnerabilities

2024-05-19 03:07:16

wolfi

CVE-2019-11254 vulnerabilities

2024-07-01 09:08:36

nessus

Oracle Linux 7 : olcne / kubernetes (ELSA-2020-5653)

2023-09-07 00:00:00

Kubernetes < 1.15.10 / 1.16.x < 1.16.7 / 1.17.x < 1.17.3 DoS

2020-09-08 00:00:00

RHEL 7 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2020:2479)

2020-06-19 00:00:00

osv

CVE-2019-11254

2020-04-01 21:15:13

Excessive Platform Resource Consumption within a Loop in Kubernetes

2021-12-20 16:55:06

ibm

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2019-11254)

2020-07-21 19:34:13

Security Bulletin: IBM API Connect is impacted by a vulnerability in Kubernetes (CVE-2019-11254)

2020-05-11 18:45:10

Security Bulletin: IBM Cloud Private is vulnerable to a Kubernetes vulnerability (CVE-2019-11254)

2020-08-18 22:10:35

debiancve

CVE-2019-11254

2020-04-01 21:15:13

veracode

Denial Of Service (DoS)

2020-04-02 03:17:51

prion

Code injection

2020-04-01 21:15:00

gitlab

Excessive Platform Resource Consumption within a Loop in Kubernetes

2021-12-20 00:00:00

cve

CVE-2019-11254

2020-04-01 21:15:13

cvelist

CVE-2019-11254 Kubernetes API Server denial of service vulnerability from malicious YAML payloads

2020-03-31 00:00:00

nvd

CVE-2019-11254

2020-04-01 21:15:13

github

Excessive Platform Resource Consumption within a Loop in Kubernetes

2021-12-20 16:55:06

broadcom

YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML (CVE-2019-11254)

2023-11-07 00:00:00

redhat

(RHSA-2020:0933) Moderate: OpenShift Container Platform 4.3.9 ose-openshift-apiserver-container security update

2020-04-01 18:42:03

(RHSA-2020:2479) Moderate: OpenShift Container Platform 3.11 atomic-openshift security update

2020-06-18 03:52:41

(RHSA-2020:2413) Moderate: OpenShift Container Platform 4.5 package security update

2020-07-13 16:35:46

oraclelinux

olcne kubernetes security update

2020-04-17 00:00:00

kubernetes-cni-plugins kubernetes-cni kubernetes olcne security update

2020-06-12 00:00:00

grafana kubernetes-cni kubernetes-cni-plugins kubernetes kubernetes olcne security update

2020-06-12 00:00:00

K000134748 : Kubernetes vulnerabilities CVE-2019-1002100, CVE-2019-11254, CVE-2017-1002101, and CVE-2017-1002102

2023-05-23 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.0%

JSON

Related for OSV:GO-2020-0036