Arbitrary Code Exec in Fabric8 K8s Client 5.0.0+ via Malicious YAML
CVE-2021-4178 Published on August 24, 2022

A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.

NVD

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2021-4178 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.

Products Associated with CVE-2021-4178

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-4178 are published in these products:

Red Hat Fabric8 Kubernetes

Red Hat Process Automation

Red Hat Openshift Application Runtimes

Red Hat Descision Manager

Red Hat Integration Camel K

Red Hat A Mq Streams

Red Hat Fuse

Red Hat Integration Camel Quarkus

Red Hat Build Of Quarkus

Exploit Probability

EPSS

0.10%

Percentile

26.68%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Arbitrary Code Exec in Fabric8 K8s Client 5.0.0+ via Malicious YAMLCVE-2021-4178 Published on August 24, 2022

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

Products Associated with CVE-2021-4178

Exploit Probability

Arbitrary Code Exec in Fabric8 K8s Client 5.0.0+ via Malicious YAML
CVE-2021-4178 Published on August 24, 2022