CVE-2024-5552

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-5552
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-5552.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-5552
Published
2024-06-06T19:16:09Z
Modified
2025-01-08T09:56:14.034359Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely exploit this vulnerability without authentication by providing specially crafted input that causes the application to consume an excessive amount of CPU resources. This vulnerability affects the latest version of kubeflow/kubeflow, specifically within the centraldashboard-angular backend component. The impact of exploiting this vulnerability includes resource exhaustion and service disruption.

References

Affected packages

Git / github.com/kubeflow/kubeflow

Affected ranges

Type
GIT
Repo
https://github.com/kubeflow/kubeflow
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

4e7f4ed
v0

v0.*

v0.1.0-rc.0
v0.1.1
v0.2.0-rc.0
v0.2.1
v0.2.1-rc.1
v0.4.0-rc.1
v0.6.0-rc.0
v0.6.start
v0.7.0-rc.0
v0.7.0-rc.1
v0.7.0-rc.2
v0.7.0-rc.3
v0.7.0-rc.4
v0.7.0-rc.5

v1.*

v1.1.0
v1.2-rc.0
v1.5.0-rc.0
v1.9.0-rc.0
v1.9.0-rc.1
v1.9.0-rc.2