Lucene search

GoogleOSV:GHSA-F9JG-8P32-2F55

HistoryJan 08, 2022 - 12:00 a.m.

kubectl ANSI escape characters not filtered

2022-01-0800:00:21

Google

osv.dev

3.9 Low

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.8%

JSON

kubectl (k8s.io/kubernetes/pkg/kubectl) does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.

CPENameOperatorVersion
k8s.io/kuberneteslt1.26.0-alpha.3

CPE	Name	Operator	Version
	k8s.io/kubernetes	lt	1.26.0-alpha.3

References

github.com/kubernetes/kubernetes

github.com/kubernetes/kubernetes/commit/dad0e937c0f76344363eb691b2668490ffef8537

github.com/kubernetes/kubernetes/issues/101695

github.com/kubernetes/kubernetes/pull/112553

nvd.nist.gov/vuln/detail/CVE-2021-25743

security.netapp.com/advisory/ntap-20220217-0003