MEDIUM🇬🇧 English

CVE-2021-4178

CVSS 6.7v3.1pub. 2022-08-24upd. 2024-11-21

A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Red Hat A Mq Streams

    APP
    Redhat
    2.0.1
  • Red Hat Build Of Quarkus

    APP
    Redhat
    2.2.5
  • Red Hat Descision Manager

    APP
    Redhat
    7.0
  • Red Hat Fabric8 Kubernetes

    APP
    Redhat
    5.0.05.8.05.11.0 – 5.11.2 (bez)5.0.1 – 5.0.3 (bez)5.1.0 – 5.1.2 (bez)5.2.0 – 5.3.2 (bez)5.5.0 – 5.7.4 (bez)5.9.0 – 5.10.2 (bez)
  • Red Hat Fuse

    APP
    Redhat
    7.11
  • Red Hat Integration Camel K

    APP
    Redhat
    wszystkie wersje
  • Red Hat Integration Camel Quarkus

    APP
    Redhat
    2.2.1
  • Red Hat Openshift Application Runtimes

    APP
    Redhat
    wszystkie wersje
  • Red Hat Process Automation

    APP
    Redhat
    7.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEContainerDeserialization
CWE
Referencje

Powiązane podatności

CVE-2016-4437CRITICAL9.8⚠ KEVten sam produkt

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows rem...

CVE-2015-1427CRITICAL9.8⚠ KEVten sam produkt

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to by...

CVE-2025-12543CRITICAL9.6PL ✓ten sam produkt

Brak walidacji nagłówka Host w serwerze Undertow HTTP

CVE-2022-4116CRITICAL9.8ten sam produkt

A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable t...

CVE-2019-14887CRITICAL9.1ten sam produkt

A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the ...