| module: k8s.io/apiextensions-apiserver |
| package: k8s.io/apiextensions-apiserver/pkg/apiserver |
| additional_packages: |
| - module: k8s.io/kubernetes |
| package: k8s.io/kubernetes/staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver |
| symbols: |
| - NewCustomResourceDefinitionHandler |
| versions: |
| - fixed: v1.17.0-alpha.2 |
| versions: |
| - fixed: v0.17.0 |
| description: | |
| A maliciously crafted YAML or JSON message can cause resource |
| exhaustion. |
| published: 2021-04-14T12:00:00Z |
| cve: CVE-2019-11253 |
| symbols: |
| - NewCustomResourceDefinitionHandler |
| links: |
| pr: https://github.com/kubernetes/kubernetes/pull/83261 |
| commit: https://github.com/kubernetes/apiextensions-apiserver/commit/9cfd100448d12f999fbf913ae5d4fef2fcd66871 |
| context: |
| - https://github.com/kubernetes/kubernetes/issues/83253 |
| - https://gist.github.com/bgeesaman/0e0349e94cd22c48bf14d8a9b7d6b8f2 |