A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/cert-manager/cert-manager(Go) | 0 | 1.12.14 | N/A |
| github.com/cert-manager/cert-manager(Go) | 1.13.0-alpha.0 | 1.15.4 | N/A |
| github.com/cert-manager/cert-manager(Go) | 1.16.0-alpha.0 | 1.16.2 | N/A |
CVSS Metrics
