Vulnerability Description
kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely exploit this vulnerability without authentication by providing specially crafted input that causes the application to consume an excessive amount of CPU resources. This vulnerability affects the latest version of kubeflow/kubeflow, specifically within the centraldashboard-angular backend component. The impact of exploiting this vulnerability includes resource exhaustion, and service disruption.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kubeflow | Kubeflow | < 1.9.0 |
Related Weaknesses (CWE)
References
- https://huntr.com/bounties/0c1d6432-f385-4c54-beea-9f8c677def5bExploitThird Party Advisory
- https://huntr.com/bounties/0c1d6432-f385-4c54-beea-9f8c677def5bExploitThird Party Advisory
FAQ
What is CVE-2024-5552?
CVE-2024-5552 is a vulnerability with a CVSS score of 7.5 (HIGH). kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely ex...
How severe is CVE-2024-5552?
CVE-2024-5552 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-5552?
Check the references section above for vendor advisories and patch information. Affected products include: Kubeflow Kubeflow.