VYPR

Maven package

io.fabric8/kubernetes-client

pkg:maven/io.fabric8/kubernetes-client

Vulnerabilities (2)

  • CVE-2021-4178Aug 24, 2022
    affected >= 5.0.0-beta-1, < 5.0.3fixed 5.0.3

    A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.

  • CVE-2021-20218Mar 16, 2021
    affected >= 4.2.0, < 4.7.2fixed 4.7.2

    A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability