kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely exploit this vulnerability without authentication by providing specially crafted input that causes the application to consume an excessive amount of CPU resources. This vulnerability affects the latest version of kubeflow/kubeflow, specifically within the centraldashboard-angular backend component. The impact of exploiting this vulnerability includes resource exhaustion and service disruption.
History
Mon, 23 Sep 2024 23:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Kubeflow; Kubeflow kubeflow | |
CPEs | cpe:2.3:a:kubeflow:kubeflow:*:*:*:*:*:*:*:* | |
Vendors & Products | Kubeflow; Kubeflow kubeflow | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-06-06T18:09:09.149Z
Updated: 2024-08-01T21:18:06.319Z
Reserved: 2024-05-30T21:56:04.319Z
Link: CVE-2024-5552
Vulnrichment
Updated: 2024-08-01T21:18:06.319Z
NVD
Status: Analyzed
Published: 2024-06-06T19:16:09.697
Modified: 2024-09-23T22:31:27.563
Link: CVE-2024-5552
Redhat
No data.