An unpatched security issue in the Kubernetes API is vulnerable to a “billion laughs” attack
Source: hub.packtpub.com

Last week, a potentially serious and unpatched security issue was revealed in the Kubernetes API server GitHub repository by StackRox. The security lapse lies in the Kubernetes API server's parsing of YAML (Yet Another Markup Language), which is used for specifying configuration-type information. This security issue makes the cluster's Kubernetes API service vulnerable to an attack called "billion laughs". The billion laughs attack is a type of denial-of-service (DoS) attack. The vulnerability has been assigned CVE-2019-11253; however, the details