kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely exploit this vulnerability without authentication by providing specially crafted input that causes the application to consume an excessive amount of CPU resources. This vulnerability affects the latest version of kubeflow/kubeflow, specifically within the centraldashboard-angular backend component. The impact of exploiting this vulnerability includes resource exhaustion, and service disruption.
References
Link | Resource |
---|---|
https://huntr.com/bounties/0c1d6432-f385-4c54-beea-9f8c677def5b | Exploit Third Party Advisory |
Configurations
History
23 Sep 2024, 22:31
Type | Values Removed | Values Added |
---|---|---|
References | () https://huntr.com/bounties/0c1d6432-f385-4c54-beea-9f8c677def5b - Exploit, Third Party Advisory | |
First Time |
Kubeflow kubeflow
Kubeflow |
|
CPE | cpe:2.3:a:kubeflow:kubeflow:*:*:*:*:*:*:*:* |
07 Jun 2024, 14:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Jun 2024, 19:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-06 19:16
Updated : 2024-09-23 22:31
NVD link : CVE-2024-5552
Mitre link : CVE-2024-5552
CVE.ORG link : CVE-2024-5552
JSON object : View
Products Affected
kubeflow
- kubeflow
CWE
CWE-1333
Inefficient Regular Expression Complexity