{"id":"CVE-2021-20218","details":"A flaw was found in the fabric8 kubernetes-client in versions 4.2.0 and later. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.13.2, kubernetes-client-5.0.2, kubernetes-client-4.11.2, and kubernetes-client-4.7.2.","aliases":["GHSA-jwh2-ffg4-48xc"],"modified":"2026-04-10T04:35:55.721518Z","published":"2021-03-16T21:15:10.930Z","references":[{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1923405"},{"type":"FIX","url":"https://github.com/fabric8io/kubernetes-client/issues/2715"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fabric8io/kubernetes-client","events":[{"introduced":"6a4ed988a3c7f013e5173cf69252a7272471535d"},{"fixed":"c9d712ecfa82d3537912bff5d108aa601e7f0109"},{"introduced":"53f70355d6b140ae4d25f0fe8704aee064fda5d7"},{"fixed":"fee2cb0813d2322f7476fb481ee745d54ad5d5ba"},{"introduced":"9dc84ecafba374b23324cff60bee56c53737315a"},{"fixed":"36e898e4ad08b1539535e55c3878c8a3602ffdbc"},{"introduced":"427919c5ae79ea7982f3a9d0a484e37e3ed0816b"},{"fixed":"1d1b3d404836871c4d0fc0a35dafe5d40369b519"},{"introduced":"0"},{"last_affected":"e9039a04503a140d60996bcae5931041f933ac89"},{"introduced":"0"},{"last_affected":"e9039a04503a140d60996bcae5931041f933ac89"},{"introduced":"0"},{"last_affected":"e9039a04503a140d60996bcae5931041f933ac89"}],"database_specific":{"versions":[{"introduced":"4.2.0"},{"fixed":"4.7.2"},{"introduced":"4.8.0"},{"fixed":"4.11.2"},{"introduced":"4.12.0"},{"fixed":"4.13.2"},{"introduced":"5.0.0"},{"fixed":"5.0.2"},{"introduced":"0"},{"last_affected":"7.0"},{"introduced":"0"},{"last_affected":"7.0.0"},{"introduced":"0"},{"last_affected":"7.0"}]}}],"versions":["1.0.0","kubernetes-client-1.1.0","kubernetes-client-1.2.0","kubernetes-client-1.2.1","kubernetes-c
lient-1.2.2","kubernetes-client-project-1.3.15","kubernetes-client-project-1.3.16","kubernetes-client-project-1.3.17","kubernetes-client-project-1.3.18","kubernetes-client-project-1.3.19","kubernetes-client-project-1.3.20","kubernetes-client-project-1.3.21","kubernetes-client-project-1.3.22","kubernetes-client-project-1.3.24","kubernetes-client-project-1.3.25","kubernetes-client-project-1.3.26","kubernetes-client-project-1.3.27","kubernetes-client-project-1.3.29","kubernetes-client-project-1.3.41","kubernetes-pom-1.2.3","kubernetes-pom-1.2.4","kubernetes-pom-1.2.5","kubernetes-pom-1.3.0","kubernetes-pom-1.3.1","kubernetes-pom-1.3.10","kubernetes-pom-1.3.11","kubernetes-pom-1.3.12","kubernetes-pom-1.3.13","kubernetes-pom-1.3.14","kubernetes-pom-1.3.2","kubernetes-pom-1.3.3","kubernetes-pom-1.3.4","kubernetes-pom-1.3.5","kubernetes-pom-1.3.6","kubernetes-pom-1.3.7","kubernetes-pom-1.3.8","kubernetes-pom-1.3.9","v1.3.28","v1.3.30","v1.3.31","v1.3.32","v1.3.33","v1.3.34","v1.3.35","v1.3.36","v1.3.37","v1.3.38","v1.3.39","v1.3.40","v1.3.42","v1.3.43","v1.3.44","v1.3.45","v1.3.46","v1.3.47","v1.3.48","v1.3.49","v2.5.0","v4.10.0","v4.10.1","v4.10.2","v4.11.0","v4.11.1","v4.12.0","v4.13.0","v4.13.1","v4.4.1","v4.4.2","v4.5.0","v4.5.1","v4.7.0","v4.7.1","v4.8.0","v4.9.0","v4.9.1","v5.0.0","v5.0.1","v5.1.0","v5.1.1","v5.10.0","v5.10.1","v5.11.0","v5.11.1","v5.12.0","v5.2.0","v5.2.1","v5.3.0","v5.4.0","v5.5.0","v5.6.0","v5.7.0","v5.7.1","v5.7.2","v5.7.3","v5.8.0","v5.9.0","v6.0.0","v6.0.0-RC1","v6.1.0","v6.1.1","v6.10.0","v6.11.0","v6.12.0","v6.12.1","v6.13.0","v6.2.0","v6.3.0","v6.3.1","v6.4.0","v6.5.0","v6.5.1","v6.6.0","v6.6.1","v6.6.2","v6.7.0","v6.7.1","v6.7.2","v6.8.0","v6.9.0","v6.9.1","v6.9.2","v7.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20218.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"12.0"}]},{"events":[{"introduced":"0"},{"last_affected":"3.11"}]}]}}],"schema_version":"
1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}]}