CVE-2021-25738

Summary

Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution.

Affected Software

VendorProductVersion RangeStatus
KubernetesKubernetes Java Clientv12.0.0affected
KubernetesKubernetes Java Clientunspecified <= v11.0.1affected
KubernetesKubernetes Java Clientunspecified <= v10.0.1affected
KubernetesKubernetes Java Clientunspecified <= v9.0.2affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

References