53 matches found
RHCOS 4 : OpenShift Container Platform 4.7.5 (RHSA-2021:1006)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1006 advisory. - golang: crypto/elliptic: incorrect operations on the P-224 curve CVE-2021-3114 - gogo/protobuf: plugin/unmarshal/unmarshal.go lack...
io.fabric8.fab.tests:fab-itests (=1.1.0.Beta3), io.quarkiverse.artemis:quarkus-test-artemis (>=3.12.0 <=3.12.1.CR1) +27 more potentially affected by CVE-2026-27446 via org.apache.artemis:artemis-server (>=2.50.0 <=2.51.0)
org.apache.artemis:artemis-server MAVEN version =2.50.0, =3.12.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.51.0 and more Source cves: CVE-2026-27446 Source advisory: OSV:GHSA-FW88-PF9M-P947...
EUVD-2022-5525
Malicious code in bioql PyPI...
EUVD-2022-4447
Malicious code in bioql PyPI...
io.fabric8.apps:apiman (>=2.2.9.1 <=2.2.19), io.fabric8.apps:distro (>=2.2.7 <=2.2.19) +6 more potentially affected by CVE-2022-36437 via io.apiman:apiman-gateway-platforms-vertx (=1.1.3.CR1)
io.apiman:apiman-gateway-platforms-vertx MAVEN version =1.1.3.CR1 is affected by a known vulnerability. The following packages have a transitive dependency on io.apiman:apiman-gateway-platforms-vertx and may be impacted: - io.fabric8.apps:apiman =2.2.9.1, =2.2.7, =2.2.9.1, =2.2.7, =2.2.7, =2.1.2,...
io.fabric8:fabric8-maven-plugin (=1.2.0.redhat-133), it.uniroma2.art.maple:maple-karaf-distribution (>=0.0.3 <=0.0.5) +2 more potentially affected by CVE-2022-40145 via org.apache.karaf:apache-karaf (>=4.4.1 <=4.4.11)
org.apache.karaf:apache-karaf MAVEN version =4.4.1, =0.0.3, =0.0.5 - org.apache.camel.karaf:camel-test-karaf =3.19.0 - org.apache.karaf.demos:web =4.1.7 Source cves: CVE-2022-40145 Source advisory: OSV:GHSA-C2P4-8MVV-RWMV...
kubernetes-client: Insecure deserialization in unmarshalYaml method
An arbitrary code execution flaw was found in the Fabric8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML...
Arbitrary Code Execution
io.fabric8:kubernetes-client is vulnerable to arbitrary code execution. Misconfigured YAML parsing in unmarshalYaml function allows local authenticated attackers to execute arbitrary code on the target machine via a maliciously crafted YAML string...
fabric8 kubernetes-client vulnerable
fabric8 Kubernetes client had an arbitrary code execution flaw in versions 5.0.0-beta-1 and higher. Attackers could potentially insert malicious YAMLs due to misconfigured YAML parsing...
com.dajudge.kindcontainer:kindcontainer (=0.0.15), io.automatiko.quarkus:automatiko-operator (=0.10.0) +93 more potentially affected by CVE-2021-4178 via io.fabric8:kubernetes-client (=5.8.0)
io.fabric8:kubernetes-client MAVEN version =5.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on io.fabric8:kubernetes-client and may be impacted: - com.dajudge.kindcontainer:kindcontainer =0.0.15 - io.automatiko.quarkus:automatiko-operator =0.10.0 -...
com.apothesource.fam.kubeint.itest:com.apothesource.fam.kubeint.itest.gradle.plugin (>=0.0.1 <=0.4.3), com.apothesource.fam:kubeint-gradle-plugin (>=0.0.1 <=0.4.3) +153 more potentially affected by CVE-2021-4178 via io.fabric8:kubernetes-client (>=5.2.0 <=5.3.1)
io.fabric8:kubernetes-client MAVEN version =5.2.0, =0.0.1, =0.0.1, =0.3.0, =0.4.0, =5.2.0, =5.3.0, =5.3.0, =5.3.0, =5.2.0, =5.2.0, =5.2.0, =5.2.0, =5.2.0, =5.2.0, =5.2.0, =5.3.1 and more Source cves: CVE-2021-4178 Source advisory: OSV:GHSA-98G7-RXMF-RRXM...
com.baidu.hugegraph:computer-k8s (>=0.1.0 <=0.1.3), com.baidu.hugegraph:computer-test (>=0.1.0 <=0.1.3) +152 more potentially affected by CVE-2021-4178 via io.fabric8:kubernetes-client (>=5.5.0 <=5.7.3)
io.fabric8:kubernetes-client MAVEN version =5.5.0, =0.1.0, =0.1.0, =0.0.13, =2.12.0, =1.96.0, =0.6.0, =0.6.0, =2.5.0, =2.5.0, =2.5.0, =2.6.0 and more Source cves: CVE-2021-4178 Source advisory: OSV:GHSA-98G7-RXMF-RRXM...
cz.xtf:builder (=0.25), cz.xtf:core (=0.25) +51 more potentially affected by CVE-2021-4178 via io.fabric8:kubernetes-client (>=5.11.0 <=5.11.1)
io.fabric8:kubernetes-client MAVEN version =5.11.0, =5.11.0, =5.11.0, =5.11.0, =5.11.0, =5.11.0, =5.11.0, =5.11.0, =5.11.0, =5.11.0, =5.11.0, =5.11.1 and more Source cves: CVE-2021-4178 Source advisory: OSV:GHSA-98G7-RXMF-RRXM...
GHSA-98G7-RXMF-RRXM fabric8 kubernetes-client vulnerable
fabric8 Kubernetes client had an arbitrary code execution flaw in versions 5.0.0-beta-1 and higher. Attackers could potentially insert malicious YAMLs due to misconfigured YAML parsing...
Security Bulletin: IBM Event Streams is vulnerable to arbitrary code execution due to the Fabric8 Kubernetes client (CVE-2021-4178)
Summary There is a vulnerability in the Fabric8 Kubernetes client. The library is used by IBM Event Streams. Vulnerability Details CVEID: CVE-2021-4178 DESCRIPTION: Fabric8 Kubernetes client could allow a local authenticated attacker to execute arbitrary code on the system, caused by an unsafe...
Improper Limitation of a Pathname to a Restricted Directory in Fabric8 Kubernetes Client
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy command to extract files outside the working path. The highest threat from this vulnerability is to integrity and...
ai.h2o:sparkling-water-core_2.12 (>=3.32.1.2-1-3.1 <=3.36.0.2-1-3.1), ai.h2o:sparkling-water-doc_2.12 (>=3.34.0.3-1-3.1 <=3.36.0.2-1-3.1) +124 more potentially affected by CVE-2021-20218 via io.fabric8:kubernetes-client (>=4.12.0 <=4.13.1)
io.fabric8:kubernetes-client MAVEN version =4.12.0, =3.32.1.2-1-3.1, =3.34.0.3-1-3.1, =3.34.0.3-1-3.1, =3.34.0.3-1-3.1, =2.1.0, =2.7.0, =3.2.0, =2.17.1, =0.0.1, =0.0.12, =0.0.4, =0.0.3, =0.0.1, =1.0.2 and more Source cves: CVE-2021-20218 Source advisory: OSV:GHSA-JWH2-FFG4-48XC...
ai.h2o:sparkling-water-core_2.11 (>=3.32.0.1-2-2.1 <=3.36.0.2-1-2.4), ai.h2o:sparkling-water-doc_2.11 (>=3.34.0.3-1-2.2 <=3.36.0.2-1-2.4) +253 more potentially affected by CVE-2021-20218 via io.fabric8:kubernetes-client (>=4.2.0 <=4.7.1)
io.fabric8:kubernetes-client MAVEN version =4.2.0, =3.32.0.1-2-2.1, =3.34.0.3-1-2.2, =3.34.0.3-1-2.2, =3.34.0.3-1-2.2, =0.0.1, =1.9.51, =1.1.1, =7.4.1, =7.4.1play2.6, =23.1.0play2.7, =0.0.1, =0.0.1, =0.3.6, =0.2.0, =0.2.0, =0.3.9 and more Source cves: CVE-2021-20218 Source advisory: OSV:GHSA-JWH...
com.lightbend.akka:kube-actions_2.12 (>=0.0.0-1-5c26b172 <=0.1.1), com.lightbend.akka:kube-actions_2.13 (>=0.0.0-1-5c26b172 <=0.1.1) +141 more potentially affected by CVE-2021-20218 via io.fabric8:kubernetes-client (>=5.0.0 <=5.0.1)
io.fabric8:kubernetes-client MAVEN version =5.0.0, =0.0.0-1-5c26b172, =0.0.0-1-5c26b172, =0.0.1-back-to-core-20210504, =0.0.1-back-to-core-20210504, =0.0.1-back-to-core-20210504, =0.0.1-back-to-core-20210504, =0.0.1-back-to-core-20210504, =0.0.1-back-to-core-20210504, =0.0.1-back-to-core-20210504...
GHSA-JWH2-FFG4-48XC Improper Limitation of a Pathname to a Restricted Directory in Fabric8 Kubernetes Client
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy command to extract files outside the working path. The highest threat from this vulnerability is to integrity and...