GMS-2023-442: Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON parsing

February 8, 2023 (updated February 24, 2023)

Unbounded recursion in JSON parsing allows malicious JSON input to cause excessive memory consumption or panics.

References

github.com/advisories/GHSA-74fp-r6jw-h4mp
github.com/advisories/GHSA-pmqp-h87c-mr78
github.com/kubernetes/kubernetes/pull/83261
nvd.nist.gov/vuln/detail/CVE-2019-11253
pkg.go.dev/vuln/GO-2022-0965

Code Behaviors & Features

Detect and mitigate GMS-2023-442 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →