Kubernetes · Kubernetes · CVE-2018-1002101
**Name of the Vulnerable Software and Affected Versions**
Kubernetes versions 1.9.0 through 1.9.9
Kubernetes versions 1.10.0 through 1.10.5
Kubernetes versions 1.11.0 through 1.11.1
**Description**
Kubernetes handles user input insecurely when setting up volume mounts on Windows nodes, which can lead to command-line argument injection and allows a remote attacker to execute arbitrary operating system commands. The underlying weakness is a failure to neutralize special elements used in operating system commands.
**Recommendations**
For Kubernetes versions 1.9.0 through 1.9.9, update to a version outside of this range to mitigate the risk.
For Kubernetes versions 1.10.0 through 1.10.5, update to a version outside of this range to mitigate the risk.
For Kubernetes versions 1.11.0 through 1.11.1, update to a version outside of this range to mitigate the risk.
As a temporary workaround, consider restricting the setup of volume mounts on Windows nodes until a patch is available.
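To find the nodes these recommendations apply to, the following added example (not part of the advisory or of Kubernetes itself) flags Windows nodes whose kubelet version falls in one of the affected ranges listed above. It assumes a node list shaped like `kubectl get nodes -o json` output; the function names and the sample nodes are constructed for illustration.

```python
import re

# Affected ranges exactly as listed in this advisory:
# (major, minor) -> (first affected patch, last affected patch)
AFFECTED = {(1, 9): (0, 9), (1, 10): (0, 5), (1, 11): (0, 1)}


def is_affected(version):
    """True if a version string such as 'v1.10.3' is in a listed range.

    Build or pre-release suffixes ('+build', '-rc.1') are ignored, so such
    builds of a listed patch release are flagged as well (conservative).
    """
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        # Fail loudly: an unparseable version must not pass as "safe".
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = map(int, m.groups())
    bounds = AFFECTED.get((major, minor))
    return bounds is not None and bounds[0] <= patch <= bounds[1]


def affected_windows_nodes(node_list):
    """Return (name, kubeletVersion) for Windows nodes in an affected range."""
    hits = []
    for node in node_list.get("items", []):
        info = node.get("status", {}).get("nodeInfo", {})
        # The advisory concerns volume mount setup on Windows nodes only.
        if info.get("operatingSystem", "").lower() != "windows":
            continue
        version = info.get("kubeletVersion", "")
        if is_affected(version):
            hits.append((node["metadata"]["name"], version))
    return hits


def _node(name, os_name, version):
    """Build one constructed node entry with only the fields used above."""
    return {"metadata": {"name": name},
            "status": {"nodeInfo": {"operatingSystem": os_name,
                                    "kubeletVersion": version}}}


# Constructed sample data, not taken from a real cluster.
SAMPLE = {"items": [_node("win-a", "windows", "v1.10.3"),
                    _node("win-b", "windows", "v1.11.2"),
                    _node("linux-a", "linux", "v1.9.4"),
                    _node("win-c", "windows", "v1.9.9+build")]}

if __name__ == "__main__":
    for name, version in affected_windows_nodes(SAMPLE):
        print(f"{name}: kubelet {version} is in an affected range")
```
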