CVE-2021-4178

Summary

A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.

Affected Software

VendorProductVersion RangeStatus
n/akubernetes-clientAffects 5.x versions, Fixed in kubernetes-client v5.0.3 and above.affected

Weaknesses

  • CWE-502: CWE-502 - Deserialization of Untrusted Data

ADP Enrichment

CVE Program Container

Additional References

References