Affected by GO-2022-0617
and 9 other vulnerabilities
GO-2022-0617 : WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes
GO-2022-0910 : Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes
GO-2022-0983 : kubectl ANSI escape characters not filtered in k8s.io/kubernetes
GO-2023-1864 : Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes
GO-2023-1891 : kube-apiserver vulnerable to policy bypass in k8s.io/kubernetes
GO-2023-1892 : Kubernetes mountable secrets policy bypass in k8s.io/kubernetes
GO-2023-2159 : Kube-proxy may unintentionally forward traffic in k8s.io/kubernetes
GO-2023-2341 : Kubernetes Improper Input Validation vulnerability in k8s.io/kubernetes
GO-2024-2994 : Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes
GO-2024-3277 : Kubernetes Nil pointer dereference in KCM after v1 HPA patch request in k8s.io/kubernetes
Discover Packages
k8s.io/kubernetes
test
images
regression-issue-74839
command
Version:
v1.20.8-rc.0
Opens a new window with list of versions in this module.
Published: May 12, 2021
License: Apache-2.0
Opens a new window with license information.
Imports: 8
Opens a new window with list of imports.
Imported by: 0
Opens a new window with list of known importers.
README
README
¶
Reproduction of k8s issue #74839
Network services with heavy load will cause "connection reset" from time to
time. Especially those with big payloads. When packets with sequence number
out-of-window arrived k8s node, conntrack marked them as INVALID. kube-proxy
will ignore them, without rewriting DNAT. The packet goes back the original
pod, who doesn't recognize the packet because of the wrong source ip, end up
RSTing the connection.
Reference
https://github.com/kubernetes/kubernetes/issues/74839
Expand ▾
Collapse ▴
Documentation
¶
There is no documentation for this package.
Source Files
¶
Click to show internal directories.
Click to hide internal directories.