Two high-severity flaws affecting all versions of Kubernetes, the open-source system for orchestrating containerized applications, let an untrusted client trigger a denial-of-service (DoS) condition.

The Kubernetes developers have already released patched versions that address the two flaws and stop attackers from exploiting them.

Kubernetes was originally developed at Google, is written in Go, and automates the deployment, scaling, and management of containerized workloads and services across clusters of hosts.

“A security issue has been found in the net/http library of the Go language that affects all versions and all components of Kubernetes,” wrote Micah Hausler of the Kubernetes Product Security Committee on the Kubernetes security announcement list.

“The vulnerabilities can result in a DoS against any process with an HTTP or HTTPS listener.” All versions of Kubernetes are affected.

On August 13, Netflix disclosed a set of vulnerabilities that expose servers supporting HTTP/2 to DoS attacks.

Of the eight CVEs Netflix published alongside its advisory, two also affect Go, and with it every Kubernetes component that serves HTTP/2 traffic (including the /healthz endpoint).

Tracked as CVE-2019-9512 (Ping Flood) and CVE-2019-9514 (Reset Flood), the two flaws carry CVSS v3.0 base scores of 7.5 and allow “untrusted clients to allocate an unlimited amount of memory, until the server crashes.” In both cases the client sends a continuous stream of control frames (PING frames, or requests that solicit RST_STREAM replies) and never reads the server's responses, so the server's queue of pending replies grows without bound. Go addressed both issues in Go 1.12.8 and 1.11.13.
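To make the mechanism concrete, the following is an added example (not code from the Kubernetes project or the Go fix) that parses raw HTTP/2 frames and applies the kind of budget the patched servers now enforce: a connection that piles up more unanswered control frames than a fixed limit is treated as a flood and should be closed. The function names (ParseFrames, Count, Verdict), the MaxQueuedControl limit of 10000, and the two sample streams (a ping flood and a simplified reset flood in which the client opens streams and immediately cancels them, rather than sending the invalid requests the original advisory describes) are all assumptions made for this example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// HTTP/2 frame types and flags from RFC 7540 section 6.
const (
	FrameHeaders   uint8 = 0x1
	FrameRSTStream uint8 = 0x3
	FrameSettings  uint8 = 0x4
	FramePing      uint8 = 0x6

	FlagAck        uint8 = 0x1 // on PING: this frame is a reply, not a request
	FlagEndStream  uint8 = 0x1
	FlagEndHeaders uint8 = 0x4

	// Assumed budget for this example: how many pending control-frame replies
	// a server tolerates on one connection before giving up on the client.
	MaxQueuedControl = 10000
)

// Frame is one HTTP/2 frame: a 9-byte header followed by the payload.
type Frame struct {
	Type     uint8
	Flags    uint8
	StreamID uint32
	Payload  []byte
}

// ParseFrames splits a raw HTTP/2 byte stream (everything after the client
// connection preface) into frames. Header layout: 24-bit length, 8-bit type,
// 8-bit flags, then 1 reserved bit and a 31-bit stream identifier.
func ParseFrames(b []byte) ([]Frame, error) {
	var frames []Frame
	for len(b) > 0 {
		if len(b) < 9 {
			return frames, errors.New("truncated frame header")
		}
		n := int(b[0])<<16 | int(b[1])<<8 | int(b[2])
		if len(b) < 9+n {
			return frames, fmt.Errorf("truncated payload: want %d bytes, have %d", n, len(b)-9)
		}
		frames = append(frames, Frame{
			Type:     b[3],
			Flags:    b[4],
			StreamID: binary.BigEndian.Uint32(b[5:9]) & 0x7fffffff,
			Payload:  b[9 : 9+n],
		})
		b = b[9+n:]
	}
	return frames, nil
}

// EncodeFrame serialises one frame; used here only to build sample traffic.
func EncodeFrame(typ, flags uint8, streamID uint32, payload []byte) []byte {
	out := make([]byte, 9, 9+len(payload))
	out[0], out[1], out[2] = byte(len(payload)>>16), byte(len(payload)>>8), byte(len(payload))
	out[3], out[4] = typ, flags
	binary.BigEndian.PutUint32(out[5:9], streamID&0x7fffffff)
	return append(out, payload...)
}

// Tally is the work a client's frames impose on the server.
type Tally struct {
	Pings    int // PINGs without ACK: each forces the server to queue a PING ACK
	Resets   int // client RST_STREAMs: each tears down a stream the server set up
	Requests int // HEADERS frames, i.e. requests carrying real work
}

// Count walks the frames and tallies control-frame pressure versus requests.
func Count(frames []Frame) Tally {
	var t Tally
	for _, f := range frames {
		switch f.Type {
		case FramePing:
			if f.Flags&FlagAck == 0 {
				t.Pings++
			}
		case FrameRSTStream:
			t.Resets++
		case FrameHeaders:
			t.Requests++
		}
	}
	return t
}

// Verdict names the flood once the control-frame budget is exceeded; a server
// acting on it would send GOAWAY and close the connection instead of queueing more.
func (t Tally) Verdict(limit int) string {
	switch {
	case t.Pings > limit:
		return "ping flood (CVE-2019-9512)"
	case t.Resets > limit:
		return "reset flood (CVE-2019-9514)"
	default:
		return "ok"
	}
}

// PingFloodStream is constructed sample traffic: SETTINGS, one legitimate GET
// (HPACK indexed ":method: GET"), then n PINGs whose ACKs the client never reads.
func PingFloodStream(n int) []byte {
	out := EncodeFrame(FrameSettings, 0, 0, nil)
	out = append(out, EncodeFrame(FrameHeaders, FlagEndHeaders|FlagEndStream, 1, []byte{0x82})...)
	for i := 0; i < n; i++ {
		out = append(out, EncodeFrame(FramePing, 0, 0, make([]byte, 8))...)
	}
	return out
}

// ResetFloodStream is constructed sample traffic: n streams opened with HEADERS
// and immediately cancelled with RST_STREAM (error code CANCEL = 0x8).
func ResetFloodStream(n int) []byte {
	out := EncodeFrame(FrameSettings, 0, 0, nil)
	for i := 0; i < n; i++ {
		sid := uint32(2*i + 1) // client-initiated streams use odd identifiers
		out = append(out, EncodeFrame(FrameHeaders, FlagEndHeaders, sid, []byte{0x82})...)
		out = append(out, EncodeFrame(FrameRSTStream, 0, sid, []byte{0, 0, 0, 0x8})...)
	}
	return out
}

func main() {
	for name, stream := range map[string][]byte{"ping flood": PingFloodStream(20000), "reset flood": ResetFloodStream(20000), "normal": PingFloodStream(3)} {
		frames, err := ParseFrames(stream)
		if err != nil {
			fmt.Println(name, "parse error:", err)
			continue
		}
		t := Count(frames)
		fmt.Printf("%-12s pings=%d resets=%d requests=%d -> %s\n", name, t.Pings, t.Resets, t.Requests, t.Verdict(MaxQueuedControl))
	}
}
```

The point of the budget is that a legitimate client consumes the replies it solicits, so its pending control-frame count stays small; only a client that keeps sending PINGs or resets while ignoring the answers ever reaches the limit, and closing that connection bounds the memory a single peer can make the server hold.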
