Maven package
io.fabric8/kubernetes-client
pkg:maven/io.fabric8/kubernetes-client
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-4178 | — | | | >= 5.0.0-beta-1, < 5.0.3 | 5.0.3 | Aug 24, 2022 | An arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML. |
| CVE-2021-20218 | — | | | >= 4.2.0, < 4.7.2 | 4.7.2 | Mar 16, 2021 | A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability |