VYPR
High severityNVD Advisory· Published Mar 16, 2021· Updated Aug 3, 2024

CVE-2021-20218

CVE-2021-20218

Description

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.13.2 kubernetes-client-5.0.2 kubernetes-client-4.11.2 kubernetes-client-4.7.2

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
io.fabric8:kubernetes-clientMaven
>= 4.2.0, < 4.7.24.7.2
io.fabric8:kubernetes-clientMaven
>= 4.8.0, < 4.11.24.11.2
io.fabric8:kubernetes-clientMaven
>= 4.12.0, < 4.13.24.13.2
io.fabric8:kubernetes-clientMaven
>= 5.0.0, < 5.0.25.0.2

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.