SUSE CVE-2025-67508

gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non-POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener project to craft...

CVE-2025-67508

gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non‑POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener project to craft...

CVE-2025-67508

gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non‑POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener project to craft...

CVE-2025-67508 gardenctl is vulnerable to Command Injection when used with non‑POSIX shells

gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non‑POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener project to craft...

CVE-2025-67508 gardenctl is vulnerable to Command Injection when used with non‑POSIX shells

gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non‑POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener project to craft...

CVE-2025-67508

CVE-2025-67508 affects gardenctl-v2 (gardenctl) ≤ 2.11.0. When used with non-POSIX shells (e.g., Fish, PowerShell), an attacker with administrative Gardener project privileges can craft malicious credential values that cause infrastructure Secret objects to break out of string context, enabling c...

CVE-2025-67508 gardenctl is vulnerable to Command Injection when used with non‑POSIX shells

gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non‑POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener project to craft...

gardenctl-v2 命令注入漏洞

gardenctl-v2 is an open source command line client for Gardener. A command injection vulnerability exists in gardenctl-v2 that stems from a non-POSIX shell environment that can forge credential values, potentially leading to credential disclosure...

GHSA-FW33-QPX7-RHX2 gardenctl is vulnerable to Command Injection when used with non‑POSIX shells

A security vulnerability was discovered in gardenctl when it is used with non‑POSIX shells such as Fish and PowerShell. Such setup could allow an attacker with administrative privileges for a Gardener project to craft malicious credential values in infrastructure Secret objects that break out of...

Code Injection

Gardener Extensions is vulnerable to Code Injection. The vulnerability is due to improper handling of user-controlled input in Terraformer-based infrastructure provisioning across AWS, Azure, OpenStack, and GCP providers, which allows an attacker with administrative privileges in a Gardener proje...

SUSE CVE-2025-59823

Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP...

GO-2025-3981 Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning in github.com/gardener/gardener-extension-provider-aws

Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning in github.com/gardener/gardener-extension-provider-aws...

EUVD-2019-4090

Malware in sbrugna...

EUVD-2018-14330

Malware in sbrugna...

EUVD-2025-15744

Malicious code in bioql PyPI...

EUVD-2025-31113

Malicious code in bioql PyPI...

EUVD-2025-28080

Malicious code in bioql PyPI...

CVE-2025-59823

Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the Terraformer process. An attacker can execute arbitrary code with elevated privileges by injecting malicious Terraform configurations during infrastructure provisioning. Note: This is only exploitable if ...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the Terraformer process. An attacker can execute arbitrary code with elevated privileges by injecting malicious Terraform configurations during infrastructure provisioning. Note: This is only exploitable if ...