The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Kubernetes | Kubernetes | * | 1.15.10 (excluding) |
| Kubernetes | Kubernetes | 1.16.0 (including) | 1.16.7 (excluding) |
| Kubernetes | Kubernetes | 1.17.0 (including) | 1.17.3 (excluding) |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-0:3.11.232-1.git.0.a5bc32f.el7 | * |
| Red Hat OpenShift Container Platform 4.3 | RedHat | openshift4/ose-openshift-apiserver-rhel7:v4.3.9-202003230345 | * |
| Red Hat OpenShift Container Platform 4.5 | RedHat | openshift4/ose-hyperkube:v4.5.0-202007100518.p0 | * |
| Red Hat OpenShift Container Platform 4.5 | RedHat | openshift4/ose-oauth-server-rhel7:v4.5.0-202007012112.p0 | * |
| Red Hat OpenShift Container Platform 4.5 | RedHat | openshift-0:4.5.0-202007012112.p0.git.0.582d7fc.el8 | * |
| Kubernetes | Ubuntu | eoan | * |
| Kubernetes | Ubuntu | groovy | * |
| Kubernetes | Ubuntu | hirsute | * |
| Kubernetes | Ubuntu | impish | * |
| Kubernetes | Ubuntu | kinetic | * |
| Kubernetes | Ubuntu | lunar | * |
| Kubernetes | Ubuntu | mantic | * |
| Kubernetes | Ubuntu | upstream | * |