DEBIAN-CVE-2019-1002100

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2019-1002100

Published: 01 Apr 2019, 14:29

Last modified:28 Apr 2026, 20:19

Vulnerability Summary

Overall Risk (default)

medium

26/100

CVSS Score

6.5 MEDIUM

3.1 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

01 Apr 2019, 14:29

Published

Vulnerability first disclosed

28 Apr 2026, 20:19

Last Modified

Vulnerability information updated

Description

In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server.

CVSS Metrics

v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Systems

debian•kubernetes
< 1.17.4-1 | < 1.17.4-1 | < 1.17.4-1 | < 1.17.4-1

References (1)

https://security-tracker.debian.org/tracker/CVE-2019-1002100