through the built-in NodeRestriction admission plugin.

**Affected Versions**:
  - kube-apiserver v1.20.0 - v1.20.5
  - kube-apiserver v1.19.0 - v1.19.9
  - kube-apiserver <= v1.18.17

**Fixed Versions**:
  - kube-apiserver v1.21.0
  - kube-apiserver v1.20.6
  - kube-apiserver v1.19.10
  - kube-apiserver v1.18.18

This vulnerability was reported by Rogerio Bastos & Ari Lima from RedHat

0605          ; disallowed                             # 7.0  ARABIC NUMBER MARK ABOVE
0606..060A    ; valid                  ;      ; NV8    # 5.1  ARABIC-INDIC CUBE ROOT..ARABIC-INDIC PER TEN THOUSAND SIGN
060B          ; valid                  ;      ; NV8    # 4.1  AFGHANI SIGN
060C          ; valid                  ;      ; NV8    # 1.1  ARABIC COMMA

(HTBL)(R9), VH2 ADD LEN, INP, R9 // end of input LXVD2X (HTBL)(R10), VH2H loop_2x: LXVD2X (INP)(R0), VIN1 #ifdef GOARCH_ppc64le VPERM IN1, IN1, LEMASK, IN1 #endif SUBC $32, LEN, LEN VPMSUMD IN, H2L, XL // H^2.lo·Xi.lo VPMSUMD IN1, HL, XL1 // H.lo·Xi+1.lo SUBE R11, R11, R11 // borrow?-1:0 VPMSUMD IN, H2, XM // H^2.hi·Xi.lo+H^2.lo·Xi.hi VPMSUMD IN1, H, XM1 // H.hi·Xi+1.lo+H.lo·Xi+1.hi AND LEN, R11, R11 VPMSUMD IN, H2H, XH // H^2.hi·Xi.hi VPMSUMD IN1, HH, XH1 // H.hi·Xi+1.hi ADD R11, INP, INP VXOR XL, XL1,...