x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-579h-mv94-g4gp

[GoVulnBot]

In GitHub Security Advisory GHSA-579h-mv94-g4gp, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/kubernetes/kubernetes	1.12.3	>= 1.12.0, < 1.12.3

Cross references:

• CVE-2018-1002105 appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-579h-mv94-g4gp #792 NOT_IMPORTABLE
• GHSA-579h-mv94-g4gp appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-579h-mv94-g4gp #792 NOT_IMPORTABLE

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: TODO
    versions:
      - introduced: 1.12.0
        fixed: 1.12.3
    packages:
      - package: github.com/kubernetes/kubernetes
  - module: TODO
    versions:
      - introduced: 1.11.0
        fixed: 1.11.5
    packages:
      - package: github.com/kubernetes/kubernetes
  - module: TODO
    versions:
      - fixed: 1.10.11
    packages:
      - package: github.com/kubernetes/kubernetes
description: In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect
    handling of error responses to proxied upgrade requests in the kube-apiserver
    allowed specially crafted requests to establish a connection through the Kubernetes
    API server to backend servers, then send arbitrary requests over the same connection
    directly to the backend, authenticated with the Kubernetes API server's TLS credentials
    used to establish the backend connection.
cves:
  - CVE-2018-1002105
ghsas:
  - GHSA-579h-mv94-g4gp

[tatianab]

Duplicate of #792