A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HRed Hat A Mq Streams
APPRedhat2.0.1Red Hat Build Of Quarkus
APPRedhat2.2.5Red Hat Descision Manager
APPRedhat7.0Red Hat Fabric8 Kubernetes
APPRedhat5.0.05.8.05.11.0 β 5.11.2 (bez)5.0.1 β 5.0.3 (bez)5.1.0 β 5.1.2 (bez)5.2.0 β 5.3.2 (bez)5.5.0 β 5.7.4 (bez)5.9.0 β 5.10.2 (bez)Red Hat Fuse
APPRedhat7.11Red Hat Integration Camel K
APPRedhatwszystkie wersjeRed Hat Integration Camel Quarkus
APPRedhat2.2.1Red Hat Openshift Application Runtimes
APPRedhatwszystkie wersjeRed Hat Process Automation
APPRedhat7.0
π΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEContainerDeserialization
References
Related vulnerabilities
CVE-2016-4437CRITICAL9.8β KEVten sam produkt
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows rem...
CVE-2015-1427CRITICAL9.8β KEVten sam produkt
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to by...
CVE-2025-12543CRITICAL9.6PL βten sam produkt
Brak walidacji nagΕΓ³wka Host w serwerze Undertow HTTP
CVE-2022-4116CRITICAL9.8ten sam produkt
A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable t...
CVE-2019-14887CRITICAL9.1ten sam produkt
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the ...