{"id":"CVE-2018-1002101","details":"In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection.","aliases":["GHSA-wqwf-x5cj-rg56","GO-2022-0886"],"modified":"2026-03-23T05:06:03.536237Z","published":"2018-12-05T21:29:00.293Z","related":["CGA-9xgg-vcf9-qjh5","openSUSE-SU-2025:15424-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/106238"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190416-0008/"},{"type":"FIX","url":"https://github.com/kubernetes/kubernetes/issues/65750"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kubernetes/kubernetes","events":[{"introduced":"925c127ec6b946659ad0fd596fa959be43f0cc05"},{"last_affected":"57729ea3d9a1b75f3fc7bbbadc597ba707d47c8a"},{"introduced":"fc32d2f3698e36b93322a3465f63a14e9f0eaead"},{"last_affected":"32ac1c9073b132b8ba18aa830f46b77dcceb0723"},{"introduced":"91e7b4fd31fcd3d5f436da26c980becec37ceefe"},{"last_affected":"b1b29978270dc22fecc592ac55d903350454310a"}],"database_specific":{"versions":[{"introduced":"1.9.0"},{"last_affected":"1.9.9"},{"introduced":"1.10.0"},{"last_affected":"1.10.5"},{"introduced":"1.11.0"},{"last_affected":"1.11.1"}]}}],"versions":["v1.10.0","v1.10.1","v1.10.1-beta.0","v1.10.2","v1.10.2-beta.0","v1.10.3","v1.10.3-beta.0","v1.10.4","v1.10.4-beta.0","v1.10.5","v1.10.5-beta.0","v1.11.0","v1.11.1","v1.11.1-beta.0","v1.9.0","v1.9.1","v1.9.1-beta.0","v1.9.2","v1.9.2-beta.0","v1.9.3","v1.9.3-beta.0","v1.9.4","v1.9.4-beta.0","v1.9.5","v1.9.5-beta.0","v1.9.6","v1.9.6-beta.0","v1.9.7","v1.9.7-beta.0","v1.9.8","v1.9.8-beta.0","v1.9.9","v1.9.9-beta.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1002101.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}