CVE-2021-25738
Description
Loading specially crafted YAML with the Kubernetes Java Client library can lead to code execution.
CWE
- CWE-20: Improper Input Validation
Affected
- Kubernetes / Kubernetes Java Client: v12.0.0 [affected]; ≤ v11.0.1 [affected]; ≤ v10.0.1 [affected]; ≤ v9.0.2 [affected]
CVSS
- 3.1 score=6.7 severity=MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References
- https://groups.google.com/g/kubernetes-security-announce/c/K_pOK2WbAJk
- https://github.com/kubernetes-client/java/issues/1698
- http://www.openwall.com/lists/oss-security/2022/08/23/2 (mailing list)
Source
cvelistV5-main/cves/2021/25xxx/CVE-2021-25738.json