Dependency Report
Raw Location Data:🟨 Excessive Platform Resource Consumption within a Loop in Kubernetes in gopkg.in/yaml.v2
Description
Abusively constructed YAML payload can significantly reduce parsing performance potentially leading to DoS.
Solution
Upgrade to version 2.2.8 or above.
Severity
Medium
CVE
go.sum:gopkg.in/yaml.v2:gemnasium:479bfa14-4b11-4314-ad05-696ac3b7b162
Identifiers
Gemnasium-479bfa14-4b11-4314-ad05-696ac3b7b162, CVE-2019-11254, GHSA-wxc4-f4m6-wwqv
Links
https://github.com/advisories/GHSA-wxc4-f4m6-wwqv, https://github.com/go-yaml/yaml/commit/53403b58ad1b561927d19068c655246f2db79d48, https://github.com/kubernetes/kubernetes/issues/89535, https://github.com/kubernetes/kubernetes/pull/87467/commits/b86df2bec4f377afc0ca03482ffad2f0a49a83b8, https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ, https://nvd.nist.gov/vuln/detail/CVE-2019-11254, https://security.netapp.com/advisory/ntap-20200413-0003/
{
"file": "go.sum",
"dependency": {
"package": {
"name": "gopkg.in/yaml.v2"
},
"version": "v2.2.2"
}
}