GHSA-f9jg-8p32-2f55
Suggest an improvement- Source
- https://github.com/advisories/GHSA-f9jg-8p32-2f55
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-f9jg-8p32-2f55/GHSA-f9jg-8p32-2f55.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-f9jg-8p32-2f55
- Aliases
- Related
- Published
- 2022-01-08T00:00:21Z
- Modified
- 2024-09-11T06:13:38.625678Z
- Severity
-
- 3.0 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N CVSS Calculator
- Summary
- kubectl ANSI escape characters not filtered
- Details
-
kubectl (k8s.io/kubernetes/pkg/kubectl) does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.
- Database specific
{ "github_reviewed_at": "2022-09-07T23:58:59Z", "severity": "LOW", "github_reviewed": true, "cwe_ids": [ "CWE-150" ], "nvd_published_at": "2022-01-07T00:15:00Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-25743
- https://github.com/kubernetes/kubernetes/issues/101695
- https://github.com/kubernetes/kubernetes/pull/112553
- https://github.com/kubernetes/kubernetes/commit/dad0e937c0f76344363eb691b2668490ffef8537
- https://github.com/kubernetes/kubernetes
- https://security.netapp.com/advisory/ntap-20220217-0003
Affected packages
Go / k8s.io/kubernetes
Package
- Name
- k8s.io/kubernetes
- View open source insights on deps.dev
- Purl
- pkg:golang/k8s.io/kubernetes