blob: e1717140b83cd01e6efa0f7513865d432ac27f17 [file] [log] [blame]
id: GO-2022-0965
modules:
- module: k8s.io/apimachinery
versions:
- fixed: 0.0.0-20190927203648-9ce6eca90e73
vulnerable_at: 0.0.0-20190925125216-3ddb1b485b38
packages:
- package: k8s.io/apimachinery/pkg/runtime/serializer/json
symbols:
- customNumberDecoder.Decode
derived_symbols:
- Serializer.Decode
- Serializer.Encode
- package: k8s.io/apimachinery/pkg/util/json
symbols:
- Unmarshal
summary: Unbounded recursion in JSON parsing in k8s.io/apimachinery
description: |-
Unbounded recursion in JSON parsing allows malicious JSON input to cause
excessive memory consumption or panics.
published: 2022-09-02T21:12:51Z
ghsas:
- GHSA-74fp-r6jw-h4mp
references:
- fix: https://github.com/kubernetes/kubernetes/pull/83261
- web: https://github.com/advisories/GHSA-pmqp-h87c-mr78
- web: https://nvd.nist.gov/vuln/detail/CVE-2019-11253
review_status: REVIEWED