CVE-2021-25738: Code exec via yaml parsing #1698
Comments
sijie pushed a commit to apache/pulsar that referenced this issue on Jun 18, 2021:

> ### Motivation
> - address security vulnerability CVE-2021-25738 which has been reported as kubernetes-client/java#1698
>
> ### Modifications
> - upgrade kubernetes client-java to 12.0.1

yangl pushed a commit to yangl/pulsar that referenced this issue on Jun 23, 2021, with the same commit message.

codelipenghui pushed a commit to apache/pulsar that referenced this issue on Jun 25, 2021, with the same commit message followed by "(cherry picked from commit 43f4e44)".

bharanic-dev pushed a commit to bharanic-dev/pulsar that referenced this issue on Mar 18, 2022, with the same commit message.
This issue was closed.
A security issue was discovered in the Kubernetes Java client library where loading specially-crafted YAML can lead to code execution.

This issue has been rated Medium (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) and assigned CVE-2021-25738.

Am I vulnerable?

If you process untrusted inputs with the Kubernetes Java client, you may be vulnerable to this issue. The deciding question is whether YAML that an attacker can influence (for example, a user-supplied manifest) is ever passed to the client's YAML loading; the CVSS vector reflects a local, high-privilege attacker, so judge your own exposure by where that YAML comes from.
Affected Versions
How do I mitigate this vulnerability?

Prior to upgrading, this vulnerability can be mitigated by validating inputs to the client, so that only YAML from a trusted source, or YAML that has been checked against the structure you expect before it is loaded, reaches the client.
Fixed Versions
Detection
If you find evidence that this vulnerability has been exploited, please contact security@kubernetes.io.
Acknowledgements
This vulnerability was reported by Jordy Versmissen through our bug bounty.
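The following is an added example, not code from kubernetes-client/java or from the advisory, and it does not reproduce the project's fix. It shows the pattern behind this class of bug in a SnakeYAML-based loader (the client's YAML helper is built on SnakeYAML): a general-purpose `Constructor` honours explicit `!!` tags and instantiates whatever Java class the document names, while `SafeConstructor` only builds plain maps, lists and scalars, and the input validation the advisory recommends is layered on top of that. It assumes SnakeYAML 1.33 on the classpath; the `YamlLoadingDemo` class, its method names and the two YAML documents are constructed for illustration, and `java.io.File` stands in for a class with harmful side effects so the demonstration stays benign.

```java
import java.util.Map;

import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.Constructor;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class YamlLoadingDemo {

    // Constructed input: a YAML document carrying an explicit global tag.
    // A general-purpose Constructor resolves the tag to a class and calls a
    // matching constructor on it. java.io.File is harmless here, but the
    // mechanism is the same one that makes "specially-crafted YAML" dangerous.
    static final String TAGGED_DOC = "!!java.io.File [\"/tmp/attacker-chosen-path\"]";

    // Constructed input: the shape a caller normally expects, a plain Kubernetes object.
    static final String POD_DOC =
        "apiVersion: v1\n" +
        "kind: Pod\n" +
        "metadata:\n" +
        "  name: demo\n";

    // Vulnerable pattern: Constructor instantiates any class named by a global tag
    // (SnakeYAML 1.x default; 2.x rejects global tags unless a TagInspector allows them).
    static Object loadUnsafely(String doc) {
        Yaml yaml = new Yaml(new Constructor(new LoaderOptions()));
        return yaml.load(doc);
    }

    // Hardened pattern: SafeConstructor knows only the standard YAML types and
    // throws a YAMLException when a document names a Java class.
    static Object loadSafely(String doc) {
        Yaml yaml = new Yaml(new SafeConstructor(new LoaderOptions()));
        return yaml.load(doc);
    }

    // Input validation on top of safe loading (hypothetical check): accept only a
    // mapping whose apiVersion and kind are strings, the minimum a Kubernetes
    // object must have, before handing the data to any typed model.
    static Map<String, Object> loadKubernetesObject(String doc) {
        Object parsed = loadSafely(doc);
        if (!(parsed instanceof Map)) {
            throw new IllegalArgumentException("top-level YAML node must be a mapping");
        }
        @SuppressWarnings("unchecked")
        Map<String, Object> obj = (Map<String, Object>) parsed;
        if (!(obj.get("apiVersion") instanceof String) || !(obj.get("kind") instanceof String)) {
            throw new IllegalArgumentException("apiVersion and kind must be present strings");
        }
        return obj;
    }

    public static void main(String[] args) {
        // The unsafe loader happily builds a java.io.File from attacker-controlled YAML.
        Object o = loadUnsafely(TAGGED_DOC);
        System.out.println("unsafe loader built: " + o.getClass().getName());

        // The safe loader refuses the same document.
        try {
            loadSafely(TAGGED_DOC);
            System.out.println("unexpected: tagged document was accepted");
        } catch (YAMLException e) {
            System.out.println("safe loader rejected tag: " + e.getMessage());
        }

        // A legitimate manifest passes both the safe loader and the structural check.
        Map<String, Object> pod = loadKubernetesObject(POD_DOC);
        Map<?, ?> metadata = (Map<?, ?>) pod.get("metadata");
        System.out.println("validated: " + pod.get("kind") + " " + metadata.get("name"));
    }
}
```

Run it with snakeyaml-1.33.jar on the classpath; the first line names `java.io.File`, the second reports that SafeConstructor could not determine a constructor for the tag, and the third prints the validated Pod. The point for the pre-upgrade mitigation is that validation must happen before a permissive loader sees the bytes, because by the time a typed model object exists the tagged class has already been constructed.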