The io.kubernetes.client.util.Yaml class in the Kubernetes client library for Java uses the popular SnakeYAML library to serialize and deserialize YAML. SnakeYAML has a feature that makes it possible to instantiate Java classes from a YAML tag such as `!!some.Class [ "argument1" ]`. More info about this feature can be found in the docs. This can be used to execute arbitrary code during the deserialization of a YAML file.
I wrote a small post about this report on my blog; you can find it here: https://j0vsec.com/post/cve-2021-25738/
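The tag behaviour described above can be seen by loading the same document with SnakeYAML's default constructor and with its `SafeConstructor`. This is an added example, not code from the report or from the Kubernetes client. It assumes a SnakeYAML 1.3x jar on the classpath (2.x refuses global tags by default); the class name `TagDemo` and the input document are constructed for illustration, with a harmless JDK class standing in for `some.Class`.

```java
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class TagDemo {
    // Constructed input: a global tag naming a harmless JDK class and one argument.
    static final String DOC = "!!java.lang.StringBuilder [ \"argument1\" ]";

    // Load DOC with the given loader and report whether the tag produced an object.
    static String describe(Yaml yaml) {
        try {
            Object o = yaml.load(DOC);
            return "instantiated " + o.getClass().getName();
        } catch (YAMLException e) {
            return "rejected (" + e.getClass().getSimpleName() + ")";
        }
    }

    public static void main(String[] args) {
        // Default constructor: the tag in the document chooses which class is built
        // and which constructor arguments it receives.
        System.out.println("default: " + describe(new Yaml()));

        // SafeConstructor: only standard YAML types (maps, lists, scalars) are built,
        // so a document cannot name a Java class to instantiate.
        Yaml safe = new Yaml(new SafeConstructor(new LoaderOptions()));
        System.out.println("safe:    " + describe(safe));
    }
}
```

Code that needs typed objects from untrusted YAML can load to plain maps with the safe loader first and map them to its own classes afterwards, so the input never selects a type.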