5 matches found
EUVD-2025-0023
Malicious code in bioql PyPI...
CVE-2024-56514
Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTPS URL to retrieve the custom resourc...
Karmada Tar Slips in CRDs archive extraction
Impact What kind of vulnerability is it? Who is impacted? Both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTPS URL to retrieve the custom resource definitions (CRDs) needed by karmada. The CRDs are downloaded as a gzipped tarfile and are vulnerable to a...
PT-2025-1149 · Karmada +1 · Karmada +1
Name of the Vulnerable Software and Affected Versions: Karmada versions prior to 1.12.0 Description: Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. The system is vulnerable to a TarSlip vulnerability,...
karmada-io karmada security vulnerability
Karmada is a Kubernetes management system open-sourced by karmada-io. A security vulnerability exists in karmada-io karmada v1.9.0 and earlier versions, which stems from a vulnerability that allows a local attacker to execute arbitrary code via a crafted command...