Command Line Injection

2018-07-0909:08:43

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.004 Low

EPSS

Percentile

73.6%

JSON

github.com/kubernetes/kubernetes is vulnerable to command line injection attack. The vulnerability exists when mounting smb on windows where a command line injection attack can occur through values supplied by the environment variables.

CPENameOperatorVersion
github.com/kubernetes/kuberneteseq1.12.0-alpha.0
github.com/kubernetes/kuberneteseqHEAD
github.com/kubernetes/kubernetesle1.11.1
github.com/kubernetes/kubernetesle1.10.5
github.com/kubernetes/kubernetesle1.9.9

Name	Operator	Version
github.com/kubernetes/kubernetes	eq	1.12.0-alpha.0
github.com/kubernetes/kubernetes	eq	HEAD
github.com/kubernetes/kubernetes	le	1.11.1
github.com/kubernetes/kubernetes	le	1.10.5
github.com/kubernetes/kubernetes	le	1.9.9