High Severity

kubeflow

ReDoS Vulnerability in Central Dashboard Component

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the central dashboard component of Kubeflow, affecting the latest version. The vulnerability can be exploited remotely without authentication and results in excessive CPU consumption. No fixed version is mentioned.

Available publicly on May 31, 2024

CVSS score: 7.5

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Remediation Steps
  • Update the regular expression to avoid exponential time complexity.
  • Implement rate limiting on the API endpoint to mitigate the impact of such attacks.
  • Validate input lengths before processing them with the regex to prevent excessive processing times.
  • Regularly monitor and update dependencies to ensure security patches are applied.

Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A