Lookup for vulnerable packages by Package URL.

Purl pkg:golang/k8s.io/kubernetes@1.14.8
Type golang
Namespace k8s.io
Name kubernetes
Version 1.14.8
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1.15.5
Latest_non_vulnerable_version 1.34.2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-9s34-1nd8-f7ee
vulnerability_id VCID-9s34-1nd8-f7ee
summary
XML Entity Expansion and Improper Input Validation in Kubernetes API server
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.

### Specific Go Packages Affected
k8s.io/kubernetes/pkg/apiserver
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:3239
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3239
1
reference_url https://access.redhat.com/errata/RHSA-2019:3811
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3811
2
reference_url https://access.redhat.com/errata/RHSA-2019:3905
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3905
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11253.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11253.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11253
reference_id
reference_type
scores
0
value 0.83793
scoring_system epss
scoring_elements 0.99291
published_at 2026-04-08T12:55:00Z
1
value 0.83793
scoring_system epss
scoring_elements 0.99296
published_at 2026-04-18T12:55:00Z
2
value 0.83793
scoring_system epss
scoring_elements 0.99295
published_at 2026-04-16T12:55:00Z
3
value 0.83793
scoring_system epss
scoring_elements 0.99294
published_at 2026-04-21T12:55:00Z
4
value 0.83793
scoring_system epss
scoring_elements 0.99293
published_at 2026-04-13T12:55:00Z
5
value 0.83793
scoring_system epss
scoring_elements 0.99292
published_at 2026-04-09T12:55:00Z
6
value 0.83793
scoring_system epss
scoring_elements 0.99285
published_at 2026-04-01T12:55:00Z
7
value 0.83793
scoring_system epss
scoring_elements 0.99286
published_at 2026-04-02T12:55:00Z
8
value 0.83793
scoring_system epss
scoring_elements 0.99288
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11253
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11253
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11253
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://gist.github.com/bgeesaman/0e0349e94cd22c48bf14d8a9b7d6b8f2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://gist.github.com/bgeesaman/0e0349e94cd22c48bf14d8a9b7d6b8f2
8
reference_url https://github.com/kubernetes/kubernetes/issues/83253
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/issues/83253
9
reference_url https://github.com/kubernetes/kubernetes/pull/83261
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/pull/83261
10
reference_url https://groups.google.com/forum/#%21topic/kubernetes-security-announce/jk8polzSUxs
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21topic/kubernetes-security-announce/jk8polzSUxs
11
reference_url https://groups.google.com/forum/#!topic/kubernetes-security-announce/jk8polzSUxs
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/kubernetes-security-announce/jk8polzSUxs
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11253
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11253
13
reference_url https://pkg.go.dev/vuln/GO-2022-0703
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2022-0703
14
reference_url https://security.netapp.com/advisory/ntap-20191031-0006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20191031-0006
15
reference_url https://security.netapp.com/advisory/ntap-20191031-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20191031-0006/
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1757701
reference_id 1757701
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1757701
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*
21
reference_url https://access.redhat.com/errata/RHSA-2019:3132
reference_id RHSA-2019:3132
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3132
22
reference_url https://access.redhat.com/errata/RHSA-2020:2795
reference_id RHSA-2020:2795
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2795
23
reference_url https://access.redhat.com/errata/RHSA-2020:2796
reference_id RHSA-2020:2796
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2796
24
reference_url https://access.redhat.com/errata/RHSA-2020:2799
reference_id RHSA-2020:2799
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2799
25
reference_url https://access.redhat.com/errata/RHSA-2020:2861
reference_id RHSA-2020:2861
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2861
26
reference_url https://access.redhat.com/errata/RHSA-2020:2863
reference_id RHSA-2020:2863
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2863
27
reference_url https://access.redhat.com/errata/RHSA-2020:2870
reference_id RHSA-2020:2870
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2870
28
reference_url https://access.redhat.com/errata/RHSA-2022:2183
reference_id RHSA-2022:2183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2183
fixed_packages
0
url pkg:golang/k8s.io/kubernetes@1.13.12
purl pkg:golang/k8s.io/kubernetes@1.13.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/kubernetes@1.13.12
1
url pkg:golang/k8s.io/kubernetes@1.14.8
purl pkg:golang/k8s.io/kubernetes@1.14.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/kubernetes@1.14.8
2
url pkg:golang/k8s.io/kubernetes@1.15.5
purl pkg:golang/k8s.io/kubernetes@1.15.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/kubernetes@1.15.5
3
url pkg:golang/k8s.io/kubernetes@1.16.2
purl pkg:golang/k8s.io/kubernetes@1.16.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/kubernetes@1.16.2
aliases CVE-2019-11253, GHSA-pmqp-h87c-mr78
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9s34-1nd8-f7ee
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/kubernetes@1.14.8