Описание
ingress-nginx vulnerable to Allocation of Resources Without Limits or Throttling
A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx controller pod being killed or the node running out of memory.
Пакеты
k8s.io/ingress-nginx
< 1.13.7
1.13.7
k8s.io/ingress-nginx
>= 1.14.0, < 1.14.3
1.14.3
Связанные уязвимости
A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx controller pod being killed or the node running out of memory.