hackeroneJ0vH1:1167773
Kubernetes: Loading YAML in Java client can lead to command execution

2021-04-18 13:12:57 | j0v | hackerone.com | Bounty: $1000

EPSS: 0.0004 (Low), percentile 15.9%

The io.kubernetes.client.util.Yaml class in the Kubernetes client library for Java uses the popular SnakeYAML library to serialize and deserialize YAML. SnakeYAML has a feature that lets a YAML document instantiate arbitrary Java classes through a global tag such as `!!some.Class [ "argument1" ]`. More information about this feature can be found in the SnakeYAML docs. Because the class name and constructor arguments come from the document itself, loading untrusted YAML through this path can execute arbitrary code during deserialization.
I wrote a small post about this report on my blog, you can find it here: https://j0vsec.com/post/cve-2021-25738/
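A defender-side illustration of the mechanism above, added here and not part of the report or of the Kubernetes client's own code: loading untrusted YAML with SnakeYAML's SafeConstructor, which only builds the standard YAML types (map, sequence, scalar) and rejects any `!!class` tag. It assumes SnakeYAML 2.x on the classpath and uses a harmless `java.util.Date` tag as a stand-in for whatever class a document might name.

```java
import java.util.Map;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class SafeYamlLoad {
    // Constructed sample: a plain Kubernetes-style document without tags.
    static final String PLAIN =
        "apiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: demo\n";

    // Constructed sample: the same document carrying a global (!!) tag.
    // java.util.Date is harmless; the point is that the document, not the
    // application, chooses which class gets instantiated by the default loader.
    static final String TAGGED =
        "apiVersion: v1\nkind: ConfigMap\nmetadata: !!java.util.Date {}\n";

    /** Loader that only knows the standard YAML types; it has no constructor for !!class tags. */
    static Yaml safeLoader() {
        return new Yaml(new SafeConstructor(new LoaderOptions()));
    }

    /** Parses an untrusted document; returns null when it contains a tag the safe loader rejects. */
    static Map<String, Object> loadUntrusted(String doc) {
        try {
            return safeLoader().load(doc);
        } catch (YAMLException e) {
            // SafeConstructor raises a ConstructorException (a YAMLException)
            // for any tag it has no registered constructor for.
            System.err.println("rejected: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) {
        System.out.println(loadUntrusted(PLAIN));
        System.out.println(loadUntrusted(TAGGED));
    }
}
```

Replacing the default `new Yaml()` with a SafeConstructor-backed instance is the generic SnakeYAML mitigation; when the loaded data must map onto application classes, restrict the constructor to an explicit allow-list of those classes instead of the default resolver.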
