reports/GO-2021-0062.yaml - vulndb - Git at Google

 module: k8s.io/apiextensions-apiserver
 package: k8s.io/apiextensions-apiserver/pkg/apiserver
 additional_packages:
 - module: k8s.io/kubernetes
   package: k8s.io/kubernetes/staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver
   symbols:
   - NewCustomResourceDefinitionHandler
   versions:
   - fixed: v1.17.0-alpha.2
 versions:
 - fixed: v0.17.0
 description: |
   A maliciously crafted YAML or JSON message can cause resource
   exhaustion.
 published: 2021-04-14T12:00:00Z
 cve: CVE-2019-11253
 symbols:
 - NewCustomResourceDefinitionHandler
 links:
   pr: https://github.com/kubernetes/kubernetes/pull/83261
   commit: https://github.com/kubernetes/apiextensions-apiserver/commit/9cfd100448d12f999fbf913ae5d4fef2fcd66871
   context:
   - https://github.com/kubernetes/kubernetes/issues/83253
   - https://gist.github.com/bgeesaman/0e0349e94cd22c48bf14d8a9b7d6b8f2
	module: k8s.io/apiextensions-apiserver
	package: k8s.io/apiextensions-apiserver/pkg/apiserver
	additional_packages:
	- module: k8s.io/kubernetes
	package: k8s.io/kubernetes/staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver
	symbols:
	- NewCustomResourceDefinitionHandler
	versions:
	- fixed: v1.17.0-alpha.2
	versions:
	- fixed: v0.17.0
	description: \|
	A maliciously crafted YAML or JSON message can cause resource
	exhaustion.
	published: 2021-04-14T12:00:00Z
	cve: CVE-2019-11253
	symbols:
	- NewCustomResourceDefinitionHandler
	links:
	pr: https://github.com/kubernetes/kubernetes/pull/83261
	commit: https://github.com/kubernetes/apiextensions-apiserver/commit/9cfd100448d12f999fbf913ae5d4fef2fcd66871
	context:
	- https://github.com/kubernetes/kubernetes/issues/83253
	- https://gist.github.com/bgeesaman/0e0349e94cd22c48bf14d8a9b7d6b8f2