Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-jwh2-ffg4-48xc

Опубликовано: 24 мая 2022
Источник: github
Github: Прошло ревью
CVSS3: 7.4

Описание

Improper Limitation of a Pathname to a Restricted Directory in Fabric8 Kubernetes Client

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.13.2 kubernetes-client-5.0.2 kubernetes-client-4.11.2 kubernetes-client-4.7.2

Ссылки

Пакеты

Наименование

io.fabric8:kubernetes-client

maven
Затронутые версииВерсия исправления

>= 4.2.0, <= 4.7.1

4.7.2

Наименование

io.fabric8:kubernetes-client

maven
Затронутые версииВерсия исправления

>= 4.8.0, <= 4.11.1

4.11.2

Наименование

io.fabric8:kubernetes-client

maven
Затронутые версииВерсия исправления

>= 4.12.0, <= 4.13.1

4.13.2

Наименование

io.fabric8:kubernetes-client

maven
Затронутые версииВерсия исправления

>= 5.0.0, <= 5.0.1

5.0.2

EPSS

Процентиль: 69%
0.00594
Низкий

7.4 High

CVSS3

CVE ID

CVE-2021-20218

Дефекты

CWE-22

Связанные уязвимости

redhat логотип

CVE-2021-20218

CVSS3: 7.4
redhat
около 5 лет назад

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.13.2 kubernetes-client-5.0.2 kubernetes-client-4.11.2 kubernetes-client-4.7.2

nvd логотип

CVE-2021-20218

CVSS3: 7.4
nvd
почти 5 лет назад

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.13.2 kubernetes-client-5.0.2 kubernetes-client-4.11.2 kubernetes-client-4.7.2

EPSS

Процентиль: 69%
0.00594
Низкий

7.4 High

CVSS3

CVE ID

CVE-2021-20218

Дефекты

CWE-22