4 matches found
CVE-2023-44392
Garden provides automation for Kubernetes development and testing. Prior tov ersions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the...
CVE-2023-44392
creationtimestamp| type| source ---|---|--- 2023-10-10 00:16:14+00:00| seen| https://t.me/cibsecurity/71870...
CVE-2023-44392
CVE-2023-44392 affects Garden prior to versions 0.13.17 (Bonsai) and 0.12.65 (Acorn). The vulnerability arises from the cryo library’s insecure deserialization, used by Garden to cache test/run results in Kubernetes ConfigMaps named with prefixes like test-result and run-result stored in either t...
CVE-2023-44392 Arbitrary code execution vulnerability when using shared Kubernetes cluster
Garden provides automation for Kubernetes development and testing. Prior tov ersions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the...