Moderate severity · NVD Advisory · Published Aug 24, 2022 · Updated Aug 3, 2024
CVE-2021-4178
Description
An arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to improperly configured YAML parsing, this allows a local and privileged attacker to supply malicious YAML.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.fabric8:kubernetes-client (Maven) | >= 5.0.0-beta-1, < 5.0.3 | 5.0.3 |
| io.fabric8:kubernetes-client (Maven) | >= 5.1.0, < 5.1.2 | 5.1.2 |
| io.fabric8:kubernetes-client (Maven) | >= 5.2.0, < 5.3.2 | 5.3.2 |
| io.fabric8:kubernetes-client (Maven) | >= 5.5.0, < 5.7.4 | 5.7.4 |
| io.fabric8:kubernetes-client (Maven) | >= 5.8.0, < 5.8.1 | 5.8.1 |
| io.fabric8:kubernetes-client (Maven) | >= 5.9.0, < 5.10.2 | 5.10.2 |
| io.fabric8:kubernetes-client (Maven) | >= 5.11.0, < 5.11.2 | 5.11.2 |
Affected products
- Fabric 8/Kubernetes client
References
- github.com/advisories/GHSA-98g7-rxmf-rrxm
- nvd.nist.gov/vuln/detail/CVE-2021-4178
- access.redhat.com/security/cve/CVE-2021-4178
- access.redhat.com/security/cve/cve-2021-4178
- bugzilla.redhat.com/show_bug.cgi
- github.com/fabric8io/kubernetes-client/commit/445103004d1ed3153d5abb272473451d05891e39
- github.com/fabric8io/kubernetes-client/issues/3653
- www.mend.io/vulnerability-database/CVE-2021-4178