Pivotal + VMware: Transforming how more of the world builds software

All Vulnerability Reports

CVE-2019-1002100: Kubernetes API Server Patch Request Consumes Excess Resource Cause Denial of Service




Pivotal Cloud Foundry


In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type “json-patch” (e.g. `kubectl patch –type json` or `”Content-Type: application/json-patch+json”`) that consumes excessive resources while processing, causing a Denial of Service on the API Server.

Affected Pivotal Products and Versions

Severity is medium unless otherwise noted.

  • Pivotal Container Service (PKS)
    • versions 1.2.x prior to 1.2.11
    • Versions 1.3.x prior to 1.3.4

Users of affected versions should apply the following mitigation:

  • Pivotal recommends upgrading the following releases:
    • Pivotal Container Service (PKS)
      • Upgrade 1.2.x versions to 1.2.11 or greater
      • Upgrade 1.3.x versions to 1.3.4 or greater

2019-04-01: Initial vulnerability report published

Contact us