Denial-of-Service Vulnerability in CAPI (Cloud Controller) YAML Parser

Denial-of-Service Vulnerability in CAPI (Cloud Controller) YAML Parser

CVE-2020-5423 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM.

Learn more about our Api Penetration Testing.