CVE-2021-25738 - Deserialization of Untrusted Data vulnerability in Kubernetes Java
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: HIGH
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution.
References
- http://www.openwall.com/lists/oss-security/2022/08/23/2
- https://github.com/kubernetes-client/java/issues/1698
- https://groups.google.com/g/kubernetes-security-announce/c/K_pOK2WbAJk