GHSA-2jq6-ffph-p4h8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-2jq6-ffph-p4h8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2jq6-ffph-p4h8/GHSA-2jq6-ffph-p4h8.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-2jq6-ffph-p4h8
- Aliases
- Published
- 2022-05-13T01:35:04Z
- Modified
- 2024-08-20T20:59:00.621664Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Kubernetes arbitrary file overwrite
- Details
-
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
- Database specific
{ "nvd_published_at": "2018-06-02T01:29:00Z", "cwe_ids": [ "CWE-20" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-07-21T21:50:42Z" }- References
Affected packages
Go / k8s.io/kubernetes
Package
- Name
- k8s.io/kubernetes
- View open source insights on deps.dev
- Purl
- pkg:golang/k8s.io/kubernetes