The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.
{ "nvd_published_at": null, "cwe_ids": [ "CWE-1050" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2021-05-07T17:24:04Z" }