188 matches found
CVE-2021-25738
CVE-2021-25738: The vulnerability arises from loading specially crafted YAML via the Kubernetes Java Client library, enabling code execution. Connected documents consistently describe this YAML-loading path as the root cause and code execution outcome. The public data does not provide precise aff...
CVE-2021-25738 Code exec via yaml parsing
Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution...
PT-2021-16765 · Unknown · Kubernetes Java Client Libraries
Name of the Vulnerable Software and Affected Versions: Kubernetes Java Client library (affected versions not specified). Description: Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution. Recommendations: At the moment, there is no information about a new...
Arbitrary Code Execution
The Kubernetes Java client is vulnerable to arbitrary code execution. An attacker is able to execute arbitrary code on the host OS by loading malicious YAML files...
CVE-2021-25738
Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution...
Google Kubernetes Code Issue Vulnerability
Google Kubernetes is an open source Docker container cluster management system from the U.S. company Google. The system provides resource scheduling, deployment and operation, service discovery and scaling up and down for containerized applications. A code issue vulnerability exists ...
EulerOS Virtualization 3.0.6.6 : thrift (EulerOS-SA-2021-1457)
According to the versions of the thrift packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed with...
CVE-2021-21331
The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive...
Design/Logic Flaw
The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive...
CVE-2021-21331
The CVE affects the Java Datadog API client prior to version 1.0.0-beta.9. The issue is a local information disclosure caused by a temporary file created with insecure permissions (-rw-r--r--) in the prepareDownloadFilecreates pathway, with downloaded content via downloadFileFromResponse exposed ...
Datadog API Security Vulnerability
GitHub datadog-api-client-java is an open source application from GitHub that provides a Java API interface. A security vulnerability exists in the Datadog API before version 1.0.0-beta.9, which stems from a local disclosure of sensitive information downloaded...
GHSA-CGHX-9GCR-R42X Path Traversal in the Java Kubernetes Client
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process...
CVE-2020-8570
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process...
CVE-2020-8570
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process...
Code injection
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process...
PT-2021-12794 · Unknown · Kubernetes Java Client Libraries
Name of the Vulnerable Software and Affected Versions: Kubernetes Java client libraries versions prior to 9.0.1; Kubernetes Java client libraries version 10.0.0. Description: The issue allows writes to paths outside of the current directory when copying multiple files from a remote pod that sends a...
CVE-2020-8570
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process...
Kubernetes path traversal vulnerability
Kubernetes is an open source Docker container cluster management system from the Linux Foundation. The system provides resource scheduling, deployment and operation, service discovery and scaling up and down for containerized applications. A security vulnerability exists in Kubernetes versions...
org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library
In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information...
ai.grakn.kgms:client (=1.4.3), ai.grakn:client-java (>=1.3.0 <=1.4.3) +2008 more potentially affected by CVE-2020-17521 via org.codehaus.groovy:groovy (>=2.0.0 <=2.4.20)
org.codehaus.groovy:groovy MAVEN version =2.0.0, =1.3.0, =1.1.0, =1.0.0, =1.4.1, =0.17.0, =1.4.1, =1.0.0, =1.4.1, =1.2.0, =0.17.0, =0.17.0, =1.0.0, =1.0.0, =1.4.1, =v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744 and more. Source CVEs: CVE-2020-17521 https://vulners.com/cv...