Kubernetes Java client libraries in version 10.0.0 and versions before 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kubernetes java |