GHSA-cghx-9gcr-r42x

Source

https://github.com/advisories/GHSA-cghx-9gcr-r42x

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/01/GHSA-cghx-9gcr-r42x/GHSA-cghx-9gcr-r42x.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-cghx-9gcr-r42x

Aliases

CVE-2020-8570

Published

2021-01-29T18:12:54Z

Modified

2023-11-08T04:04:17.485667Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Path Traversal in the Java Kubernetes Client

Details

Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code.

Database specific

{
    "nvd_published_at": "2021-01-21T17:15:00Z",
    "github_reviewed_at": "2021-01-22T18:25:27Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-22"
    ]
}

References

Affected packages

Maven / io.kubernetes:client-java

Package

Name: io.kubernetes:client-java; View open source insights on deps.dev
Purl: pkg:maven/io.kubernetes/client-java

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.2

Affected versions

0.*

0.1

0.2

1.*

1.0.0-beta1

1.0.0-beta2

1.0.0-beta3

1.0.0-beta4

1.0.0

2.*

2.0.0-beta1

2.0.0-beta2

2.0.0

3.*

3.0.0-beta1

3.0.0-beta2

3.0.0

4.*

4.0.0-beta1

4.0.0

5.*

5.0.0

6.*

6.0.1

7.*

7.0.0

8.*

8.0.0-alpha1

8.0.0

8.0.2

9.*

9.0.0

9.0.1

Maven / io.kubernetes:client-java

Package

Name: io.kubernetes:client-java; View open source insights on deps.dev
Purl: pkg:maven/io.kubernetes/client-java

Affected ranges

Type: ECOSYSTEM
Events: Introduced

10.0.0

Fixed

10.0.1

Affected versions

10.*

10.0.0