VYPR
High severity · 8.8 · OSV Advisory · Published Aug 20, 2024 · Updated Apr 15, 2026

CVE-2024-42363

Description

Prior to 3385, the user-controlled role parameter enters the application in the Kubernetes::RoleVerificationsController. The role parameter flows into the RoleConfigFile initializer and from there into the Kubernetes::Util.parse_file method, where it is unsafely deserialized with the YAML.load_stream method. This issue may lead to Remote Code Execution (RCE). The vulnerability is fixed in 3385.
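The difference between `YAML.load_stream` and a restricted load of the same multi-document input, as an added example (not Samson's code and not its actual patch). The helper names and sample inputs are hypothetical and constructed here; the conversion mirrors what `Psych.safe_load` does for a single document.

```ruby
require "yaml"

# Hypothetical helper (not Samson's code): convert every document in a YAML
# stream with a restricted class loader, so no tag can select a Ruby class.
# YAML.load_stream(yaml_text) would instead honour tags such as !ruby/object.
def parse_role_documents(yaml_text)
  Psych.parse_stream(yaml_text).children.map do |document|
    loader  = Psych::ClassLoader::Restricted.new([], []) # nothing beyond plain data
    scanner = Psych::ScalarScanner.new(loader)
    # NoAliasRuby also refuses YAML aliases, matching safe_load's default.
    Psych::Visitors::NoAliasRuby.new(scanner, loader).accept(document)
  end
end

# True when the input asks for anything other than plain scalars, lists and maps.
def role_input_rejected?(yaml_text)
  parse_role_documents(yaml_text)
  false
rescue Psych::DisallowedClass, Psych::BadAlias
  true
end

# Constructed sample: two ordinary documents in one stream.
PLAIN_ROLE = <<~YAML
  ---
  kind: Deployment
  metadata:
    name: web
  ---
  kind: Service
  metadata:
    name: web
YAML

# Constructed sample: a harmless class tag that an unrestricted load would instantiate.
TAGGED_ROLE = <<~YAML
  --- !ruby/object:Object
  note: constructed
YAML

if $PROGRAM_NAME == __FILE__
  p parse_role_documents(PLAIN_ROLE).map { |doc| doc["kind"] }
  p role_input_rejected?(TAGGED_ROLE)
end
```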

Affected products

  • Zendesk/Samson (OSV), 2 versions: v1000, v1001, v1002, … + 1 more
    • (no CPE) range: v1000, v1001, v1002, …
    • (no CPE) range: <3385
