{"id":"CVE-2019-1002100","details":"In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type \"json-patch\" (e.g. `kubectl patch --type json` or `\"Content-Type: application/json-patch+json\"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server.","aliases":["GHSA-q4rr-64r9-fwgf","GO-2023-1946"],"modified":"2026-04-10T04:11:44.231805Z","published":"2019-04-01T14:29:00.483Z","related":["CGA-67cm-8hw2-8w3r","openSUSE-SU-2025:15424-1"],"references":[{"type":"WEB","url":"https://groups.google.com/forum/#%21topic/kubernetes-announce/vmUUNkYfG9g"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190416-0002/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/107290"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1851"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3239"},{"type":"REPORT","url":"https://github.com/kubernetes/kubernetes/issues/74534"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kubernetes/kubernetes","events":[{"introduced":"0"},{"fixed":"4e209c9383fa00631d124c8adcc011d617339b3c"},{"introduced":"0ed33881dc4355495f623c6f22e7dd0b7632b7c0"},{"fixed":"ab91afd7062d4240e95e51ac00a18bd58fddd365"},{"introduced":"ddf47ac13c1a9483ea035a79cd7c10005ff21a6d"},{"fixed":"c27b913fddd1a6c480c229191a087698aa92f0b1"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.11.8"},{"introduced":"1.12.0"},{"fixed":"1.12.6"},{"introduced":"1.13.0"},{"fixed":"1.13.4"}]}}],"versions":["v0.13.1-dev","v0.17.0","v1.1.0-alpha.0","v1.1.0-alpha.1","v1.10.0-alpha.0","v1.10.0-alpha.1","v1.10.0-alpha.2","v1.10.0-alpha.3","v1.11.0","v1.11.0-alpha.0","v1.11.0-alpha.1","v1.11.0-alpha.2","v1.11.0-beta.0","v1.11.0-beta.1","v1.11.0-beta.2","v1.11.0-rc.1","v1.11.0-rc.2","v1.11.0-rc.3","v1.11.1","v1.11.1-beta.0","v1.11.2","v1.11.2-beta.0","v1.11.3","v1.11.3-beta.0","v1.11.4","v1.11.4-beta.0","v1.11.5","v1.11.5-beta.0","v1.11.6","v1.11.6-beta.0","v1.11.7","v1.11.7-beta.0","v1.11.8-beta.0","v1.12.0","v1.12.0-alpha.0","v1.12.1","v1.12.1-beta.0","v1.12.2","v1.12.2-beta.0","v1.12.3","v1.12.3-beta.0","v1.12.4","v1.12.4-beta.0","v1.12.5","v1.12.5-beta.0","v1.12.6-beta.0","v1.13.0","v1.13.1","v1.13.1-beta.0","v1.13.2","v1.13.2-beta.0","v1.13.3","v1.13.3-beta.0","v1.13.4-beta.0","v1.2.0-alpha.1","v1.2.0-alpha.2","v1.2.0-alpha.3","v1.2.0-alpha.4","v1.2.0-alpha.5","v1.2.0-alpha.6","v1.2.0-alpha.7","v1.2.0-alpha.8","v1.3.0-alpha.0","v1.3.0-alpha.1","v1.3.0-alpha.2","v1.3.0-alpha.3","v1.3.0-alpha.4","v1.3.0-alpha.5","v1.4.0-alpha.1","v1.4.0-alpha.2","v1.4.0-alpha.3","v1.5.0-alpha.0","v1.5.0-alpha.1","v1.5.0-alpha.2","v1.6.0-alpha.0","v1.6.0-alpha.1","v1.6.0-alpha.2","v1.6.0-alpha.3","v1.7.0-alpha.0","v1.7.0-alpha.1","v1.7.0-alpha.2","v1.7.0-alpha.3","v1.7.0-alpha.4","v1.8.0-alpha.0","v1.8.0-alpha.1","v1.8.0-alpha.2","v1.8.0-alpha.3","v1.9.0-alpha.0","v1.9.0-alpha.1","v1.9.0-alpha.2","v1.9.0-alpha.3"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"3.10"}]},{"events":[{"introduced":"0"},{"last_affected":"3.11"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1002100.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}