EUVD-2022-2004

Malicious code in bioql PyPI...

Arbitrary File Write

github.com/kubernetes/kubernetes is vulnerable to arbitrary file write. The kubectl cp command does not safely process symlinks during unpacking, which would allow an attacker to unpack files outside of the destination directory...

CVE-2019-11246

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...

CVE-2019-11249

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...

Directory Traversal

github.com/kubernetes/kubernetes is vulnerable to directory traversal. The vulnerability exists in the untarAll function due to improper handling of symlinks which allows a remote attacker to replace files on a users workstation using kubectl cp command...

CVE-2018-1002100

In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files...