A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2021-4178 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2034388 | Issue Tracking Vendor Advisory |
https://github.com/advisories/GHSA-98g7-rxmf-rrxm | Third Party Advisory |
https://github.com/fabric8io/kubernetes-client/issues/3653 | Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2022-08-24T15:02:11
Updated: 2022-08-24T15:02:11
Reserved: 2021-12-27T00:00:00
Link: CVE-2021-4178
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-08-24T16:15:09.770
Modified: 2022-10-04T17:55:01.783
Link: CVE-2021-4178
JSON object: View
Redhat Information
No data.
CWE