Home > Vulnerability Database > CVE-2023-48713

Mend.io Vulnerability Database

CVE-2023-48713

Good to know:

Date: November 27, 2023

Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0.

Language: Go

Severity Score

6.5

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-48713

Url: https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca

Url: https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1

Url: https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547

Url: https://github.com/knative/serving

Url: https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a

Url: https://www.mend.io/vulnerability-database/CVE-2023-48713

Severity Score

6.5

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version knative-v1.10.5,knative-v1.11.3,knative-v1.12.0,v0.37.5,v0.38.3,v0.39.0

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-48713

Good to know:

Date: November 27, 2023

Language: Go

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?