CVE-2021-20218
Published 2021-03-16
Severity: High, 7.4 (CVSS 3.1)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and later. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.13.2, kubernetes-client-5.0.2, kubernetes-client-4.11.2 and kubernetes-client-4.7.2.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | codeready_studio | — | — |
| redhat | descision_manager | — | — |
| redhat | jboss_fuse | — | — |
| redhat | kubernetes-client | >= 4.12.0 < 4.13.2 | 4.13.2 |
| redhat | kubernetes-client | >= 4.2.0 < 4.7.2 | 4.7.2 |
| redhat | kubernetes-client | >= 4.8.0 < 4.11.2 | 4.11.2 |
| redhat | kubernetes-client | >= 5.0.0 < 5.0.2 | 5.0.2 |
| redhat | openshift_container_platform | — | — |
| redhat | process_automation | — | — |