GHSA-98g7-rxmf-rrxm

Source

https://github.com/advisories/GHSA-98g7-rxmf-rrxm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-98g7-rxmf-rrxm/GHSA-98g7-rxmf-rrxm.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-98g7-rxmf-rrxm

Aliases

CVE-2021-4178

Published

2022-07-15T05:17:35Z

Modified

2023-11-08T04:07:01.749423Z

Severity

6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

fabric8 kubernetes-client vulnerable

Details

fabric8 Kubernetes client had an arbitrary code execution flaw in versions 5.0.0-beta-1 and higher. Attackers could potentially insert malicious YAMLs due to misconfigured YAML parsing.

References

Affected packages

Maven / io.fabric8:kubernetes-client

Package

Name: io.fabric8:kubernetes-client; View open source insights on deps.dev
Purl: pkg:maven/io.fabric8/kubernetes-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0.0-beta-1

Fixed

5.0.3

Affected versions

5.*

5.0.0-beta-1

5.0.0

5.0.1

5.0.2

Maven / io.fabric8:kubernetes-client

Package

Name: io.fabric8:kubernetes-client; View open source insights on deps.dev
Purl: pkg:maven/io.fabric8/kubernetes-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.1.0

Fixed

5.1.2

Affected versions

5.*

5.1.0

5.1.1

Maven / io.fabric8:kubernetes-client

Package

Name: io.fabric8:kubernetes-client; View open source insights on deps.dev
Purl: pkg:maven/io.fabric8/kubernetes-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.2.0

Fixed

5.3.2

Affected versions

5.*

5.2.0

5.2.1

5.3.0

5.3.1

Maven / io.fabric8:kubernetes-client

Package

Name: io.fabric8:kubernetes-client; View open source insights on deps.dev
Purl: pkg:maven/io.fabric8/kubernetes-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.7.4

Affected versions

5.*

5.5.0

5.6.0

5.7.0

5.7.1

5.7.2

5.7.3

Maven / io.fabric8:kubernetes-client

Package

Name: io.fabric8:kubernetes-client; View open source insights on deps.dev
Purl: pkg:maven/io.fabric8/kubernetes-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.8.0

Fixed

5.8.1

Affected versions

5.*

5.8.0

Maven / io.fabric8:kubernetes-client

Package

Name: io.fabric8:kubernetes-client; View open source insights on deps.dev
Purl: pkg:maven/io.fabric8/kubernetes-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.9.0

Fixed

5.10.2

Affected versions

5.*

5.9.0

5.10.0

5.10.1

Maven / io.fabric8:kubernetes-client

Package

Name: io.fabric8:kubernetes-client; View open source insights on deps.dev
Purl: pkg:maven/io.fabric8/kubernetes-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.11.2

Affected versions

5.*

5.11.0

5.11.1