CVE-2021-25738

Опубликовано: 11 окт. 2021

Источник: nvd

CVSS3: 6.7

CVSS2: 4.6

EPSS Низкий

Описание

Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution.

Ссылки

http://www.openwall.com/lists/oss-security/2022/08/23/2
Mailing List
Third Party Advisory
https://github.com/kubernetes-client/java/issues/1698
Issue Tracking
Third Party Advisory
https://groups.google.com/g/kubernetes-security-announce/c/K_pOK2WbAJk
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/08/23/2
Mailing List
Third Party Advisory
https://github.com/kubernetes-client/java/issues/1698
Issue Tracking
Third Party Advisory
https://groups.google.com/g/kubernetes-security-announce/c/K_pOK2WbAJk
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:kubernetes:java:*:*:*:*:*:*:*:*

Версия до 9.0.2 (включая)

cpe:2.3:a:kubernetes:java:*:*:*:*:*:*:*:*

Версия от 10.0.0 (включая) до 10.0.1 (включая)

cpe:2.3:a:kubernetes:java:*:*:*:*:*:*:*:*

Версия от 11.0.0 (включая) до 11.0.1 (исключая)

EPSS

Процентиль: 31%

0.00116

Низкий

6.7 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-20

CWE-502

Связанные уязвимости

CVE-2021-25738

CVSS3: 6.7

redhat

больше 4 лет назад

Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution.

GHSA-m8wh-mqgf-rr8g

CVSS3: 6.7

github

больше 4 лет назад

Code injection in Kubernetes Java Client

EPSS

Процентиль: 31%

0.00116

Низкий

6.7 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-20

CWE-502