CVE-2021-25743

Summary

kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.

Affected Software

VendorProductVersion RangeStatus
KubernetesKubernetesunspecified <= 1.23.1affected
KubernetesKubernetesnext of 1.23.1 < unspecifiedunknown
KubernetesKubernetesunspecified <= 1.22.5affected
KubernetesKubernetesnext of 1.22.5 < unspecifiedunknown
KubernetesKubernetesunspecified <= 1.21.8affected
KubernetesKubernetesnext of 1.21.8 < unspecifiedunknown
KubernetesKubernetesunspecified <= 1.20.14affected
KubernetesKubernetesnext of 1.20.14 < unspecifiedunknown

Weaknesses

  • CWE-150: CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences

ADP Enrichment

CVE Program Container

Additional References

References