Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

CVE-2020-8570: Path Traversal bug in the Java Kubernetes Client #1491

Closed
brendandburns opened this issue Jan 11, 2021 · 1 comment
Closed

CVE-2020-8570: Path Traversal bug in the Java Kubernetes Client #1491

brendandburns opened this issue Jan 11, 2021 · 1 comment

Comments

@brendandburns
Copy link
Contributor

There is a defect in the copy implementation in Copy.java that was fixed in #1450

The summary of the issue is that you copy a file from a malicious pod with a specially crafted tarball, it may extract to any file that your user has permission to write.

This issue was fixed in release 9.0.2, 10.0.1 and 11.0.0 users are strongly encouraged to upgrade to those versions.
@ibodrov ibodrov mentioned this issue Jan 12, 2021
Closed
@brendandburns
Copy link
Contributor Author

Closing this issue since patch releases are out there.

@mend-for-github-com mend-for-github-com bot mentioned this issue Aug 11, 2021
Open
1 task
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@brendandburns