CVE-2019-11254
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-11254
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11254.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-11254
- Aliases
- Downstream
- Related
- Published
- 2020-04-01T21:15:13Z
- Modified
- 2025-09-24T09:17:33.713257Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.
- References
Affected packages
Git / github.com/kubernetes/kubelet
Affected ranges
- Type
- GIT
- Repo
- https://github.com/kubernetes/kubelet
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/kubernetes/kubernetes
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.13.1-dev
v0.14.0
v0.14.1
v0.15.0
v0.16.0
v0.16.1
v0.16.2
v0.17.0
v0.17.1
v0.18.0
v0.18.1
v0.18.2
v0.19.0
v0.19.1
v0.19.2
v0.19.3
v0.2
v0.20.0
v0.20.1
v0.20.2
v0.21.0
v0.21.1
v0.21.2
v0.3
v0.4
v0.5
v0.6.0
v0.7.0
v0.8.0
v0.9.0
v1.*
v1.0.0
v1.1.0-alpha.0
v1.1.0-alpha.1
v1.10.0-alpha.0
v1.10.0-alpha.1
v1.10.0-alpha.2
v1.10.0-alpha.3
v1.11.0-alpha.0
v1.11.0-alpha.1
v1.11.0-alpha.2
v1.12.0-alpha.0
v1.12.0-alpha.1
v1.13.0-alpha.0
v1.13.0-alpha.1
v1.13.0-alpha.2
v1.13.0-alpha.3
v1.14.0-alpha.0
v1.14.0-alpha.1
v1.14.0-alpha.2
v1.14.0-alpha.3
v1.15.0
v1.15.0-alpha.0
v1.15.0-alpha.1
v1.15.0-alpha.2
v1.15.0-alpha.3
v1.15.0-beta.0
v1.15.0-beta.1
v1.15.0-beta.2
v1.15.0-rc.1
v1.15.1
v1.15.1-beta.0
v1.15.10-beta.0
v1.15.2
v1.15.2-beta.0
v1.15.3
v1.15.3-beta.0
v1.15.4
v1.15.4-beta.0
v1.15.5
v1.15.5-beta.0
v1.15.6
v1.15.6-beta.0
v1.15.7
v1.15.7-beta.0
v1.15.8
v1.15.8-beta.0
v1.15.8-beta.1
v1.15.9
v1.15.9-beta.0
v1.16.0-alpha.0
v1.2.0-alpha.1
v1.2.0-alpha.2
v1.2.0-alpha.3
v1.2.0-alpha.4
v1.2.0-alpha.5
v1.2.0-alpha.6
v1.2.0-alpha.7
v1.2.0-alpha.8
v1.3.0-alpha.0
v1.3.0-alpha.1
v1.3.0-alpha.2
v1.3.0-alpha.3
v1.3.0-alpha.4
v1.3.0-alpha.5
v1.4.0-alpha.0
v1.4.0-alpha.1
v1.4.0-alpha.2
v1.4.0-alpha.3
v1.5.0-alpha.0
v1.5.0-alpha.1
v1.5.0-alpha.2
v1.6.0-alpha.0
v1.6.0-alpha.1
v1.6.0-alpha.2
v1.6.0-alpha.3
v1.7.0-alpha.0
v1.7.0-alpha.1
v1.7.0-alpha.2
v1.7.0-alpha.3
v1.7.0-alpha.4
v1.8.0-alpha.0
v1.8.0-alpha.1
v1.8.0-alpha.2
v1.8.0-alpha.3
v1.9.0-alpha.0
v1.9.0-alpha.1
v1.9.0-alpha.2
v1.9.0-alpha.3