Unknown · Fabric 8 Kubernetes Client · CVE-2021-20218
Name of the Vulnerable Software and Affected Versions:
fabric8 kubernetes-client versions 4.2.0 and after
Description:
A flaw was found in the fabric8 kubernetes-client that allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability.
Recommendations:
For versions prior to 4.7.2, update to kubernetes-client-4.7.2.
For versions prior to 4.11.2, update to kubernetes-client-4.11.2.
For versions prior to 4.13.2, update to kubernetes-client-4.13.2.
For versions prior to 5.0.2, update to kubernetes-client-5.0.2.