The Kubernetes Java client is vulnerable to arbitrary code execution. An attacker is able to execute arbitrary code on the host OS by loading malicious YAML files.
Name | Operator | Version |
---|---|---|
client-java | eq | 12.0.0 |
client-java | le | 11.0.1 |
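
An added example (not part of the original advisory) that checks `mvn dependency:list` output against the affected ranges in the table above. The Maven group id `io.kubernetes`, the sample lines and the function names are assumptions; version qualifiers such as `-SNAPSHOT` are ignored, so a qualified build of a listed version is reported as affected.

```python
import re

# Affected ranges exactly as listed in the table above: (operator, version).
AFFECTED = [("eq", "12.0.0"), ("le", "11.0.1")]

# Assumption: the artifact is published as io.kubernetes:client-java and appears
# as group:artifact:type[:classifier]:version[:scope] in Maven output.
COORD = re.compile(r"io\.kubernetes:client-java:\S+")


def version_key(version):
    """Numeric prefix of a version as a tuple of ints; qualifiers are ignored."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        raise ValueError(f"no numeric version prefix in {version!r}")
    parts = [int(p) for p in m.group().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad "12" or "12.0" to 3 fields


def is_affected(version):
    """True when the version falls inside any range listed in AFFECTED."""
    key = version_key(version)
    for op, bound in AFFECTED:
        b = version_key(bound)
        if (op == "eq" and key == b) or (op == "le" and key <= b):
            return True
    return False


def scan(dependency_list):
    """Return (version, affected) for every client-java coordinate found."""
    findings = []
    for line in dependency_list.splitlines():
        m = COORD.search(line)
        if not m:
            continue
        # The version is the last field that starts with a digit (scope may follow).
        fields = m.group().split(":")
        version = next((f for f in reversed(fields) if f[:1].isdigit()), None)
        if version:
            findings.append((version, is_affected(version)))
    return findings


# Constructed sample of multi-module `mvn dependency:list` output.
SAMPLE = """\
[INFO]    io.kubernetes:client-java:jar:11.0.0:compile
[INFO]    io.kubernetes:client-java-api:jar:11.0.0:compile
[INFO]    com.google.code.gson:gson:jar:2.8.6:compile
[INFO]    io.kubernetes:client-java:jar:12.0.1:compile
"""
```

A result of `False` only means the version is outside the ranges listed on this page.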
discuss.kubernetes.io/t/kubernetes-java-client-cve-2021-25738-code-exec-via-yaml-parsing/15932
github.com/kubernetes-client/java/issues/1698
github.com/kubernetes-client/java/pull/1676
github.com/kubernetes-client/java/pull/1691
github.com/kubernetes-client/java/pull/1692
groups.google.com/g/kubernetes-security-announce/c/K_pOK2WbAJk