GO-2025-3522
- Source
- https://pkg.go.dev/vuln/GO-2025-3522
- Import Source
- https://vuln.go.dev/ID/GO-2025-3522.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2025-3522
- Aliases
-
- CVE-2024-9042
- GHSA-vv39-3w5q-974q
- Published
- 2025-03-25T19:38:11Z
- Modified
- 2025-08-05T19:57:40Z
- Summary
- Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API in k8s.io/kubernetes
- Details
-
Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API in k8s.io/kubernetes
- Database specific
{ "url": "https://pkg.go.dev/vuln/GO-2025-3522", "review_status": "REVIEWED" }- References
-
- https://github.com/advisories/GHSA-vv39-3w5q-974q
- http://www.openwall.com/lists/oss-security/2025/01/16/1
- https://github.com/kubernetes/kubernetes/commit/45f4ccc2153bbb782253704cbe24c05e22b5d60c
- https://github.com/kubernetes/kubernetes/commit/5fe148234f8ab1184f26069c4f7bef6c37efe347
- https://github.com/kubernetes/kubernetes/commit/75c83a6871dc030675288c6d63c275a43c2f0d55
- https://github.com/kubernetes/kubernetes/commit/fb0187c2bf7061258bb89891edb1237261eb7abc
- https://github.com/kubernetes/kubernetes/issues/129654
- https://groups.google.com/g/kubernetes-security-announce/c/9C3vn6aCSVg
Affected packages
Go / k8s.io/kubernetes
Package
- Name
- k8s.io/kubernetes
- View open source insights on deps.dev
- Purl
- pkg:golang/k8s.io/kubernetes