CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score: 7 High (Confidence: High)
EPSS: 0.001 Low (Percentile: 23.6%)
github.com/knative/serving is vulnerable to Denial of Service (DoS). The vulnerability is due to unbounded memory allocation in http_scrape_client.go, which lets attackers who control the responses from the /metrics endpoint crash the application.
github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca
github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1
github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a
github.com/knative/serving/pull/14542
github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547