VYPR

Kro

by Kubernetes Sigs

Source repositories

CVEs (1)

  • CVE-2025-48710MedJun 4, 2025
    risk 0.20cvss 4.1epss 0.00

    kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled…