Dieser Inhalt steht in der ausgewählten Sprache nicht zur Verfügung. Wir arbeiten beständig daran, unsere Inhalte auch in der ausgewählten Sprache zur Verfügung zu stellen. Vielen Dank für Ihre Geduld.
Publication Date: 2025/03/24 09:00AM PDT
Description
Ingress Controllers are applications within a Kubernetes cluster that enable Ingress resources to function.
AWS is aware of CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513, which affect the Kubernetes ingress-nginx controller. Amazon Elastic Kubernetes Service (Amazon EKS) does not provide or install the ingress-nginx controller and is not affected by these issues. Customers who have installed this controller on their clusters should update to the latest version.
We have proactively notified customers who were identified as having this controller installed.
References:
- CVE-2025-1098 - GitHub Issue
- CVE-2025-1974 - GitHub Issue
- CVE-2025-1097 - GitHub Issue
- CVE-2025-24514 - GitHub Issue
- CVE-2025-24513 - GitHub Issue
Please email aws-security@amazon.com with any security questions or concerns.