{"id":"CVE-2021-4178","details":"A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.","aliases":["GHSA-98g7-rxmf-rrxm"],"modified":"2026-04-10T04:38:43.793190Z","published":"2022-08-24T16:15:09.770Z","related":["GHSA-98g7-rxmf-rrxm"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2021-4178"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-98g7-rxmf-rrxm"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2034388"},{"type":"REPORT","url":"https://github.com/fabric8io/kubernetes-client/issues/3653"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fabric8io/kubernetes-client","events":[{"introduced":"f000ac9194723781fe8c9c24fcf5bf58498bb260"},{"fixed":"0fa9285f03abe2c8d27a551dc0a0192f7a68b61e"},{"introduced":"1a59e3bd1f5e63bf984f4f5bbdcbe376cf1704f1"},{"fixed":"bdcb8f7bfd905523b8b58fd4e3330a02dd82cbfb"},{"introduced":"faf7555f4f15681452ac3b42cce557e2e73ba7fa"},{"fixed":"930aa487f848cdb7ba9c3cf9fe4904c1a843179f"},{"introduced":"65d13c08b527495d658c94017c88de248110cb82"},{"fixed":"11a73980ed4a49e5bbe3e729414760fb5c8bcadc"},{"introduced":"5f5c8d3f76375ffc0bccfc3c4f417beaac031024"},{"fixed":"23db4301478e74dac7154af70907bf98f2936ff5"},{"introduced":"109675fc7f4d1fa84ea445ad369eb1261b76a0cf"},{"fixed":"5e096210f7236a1c7d4954c35b8d410eb98730aa"},{"introduced":"0"},{"last_affected":"c1f843ca0effb2212cae34f6bdc09b6b1c29b09f"},{"introduced":"0"},{"last_affected":"c5c507f11f1883b12be84ed0bae26ca3c6b75aa9"},{"introduced":"0"},{"last_affected":"d1aeb6dea11a64d7444096df40ec9c7f7ce76ded"},{"introduced":"0"},{"last_affected":"e9039a04503a140d60996bcae5931041f933ac89"},{"introduced":"0"},{"last_affected":"7f200449450b942609115d3ab6ca7d4e2967b49b"},{"introduced":"0"},{"last_affected":"e9039a04503a140d60996bcae5931041f933ac89"}],"database_specific":{"versions":[{"introduced":"5.0.1"},{"fixed":"5.0.3"},{"introduced":"5.1.0"},{"fixed":"5.1.2"},{"introduced":"5.2.0"},{"fixed":"5.3.2"},{"introduced":"5.5.0"},{"fixed":"5.7.4"},{"introduced":"5.9.0"},{"fixed":"5.10.2"},{"introduced":"5.11.0"},{"fixed":"5.11.2"},{"introduced":"0"},{"last_affected":"5.8.0"},{"introduced":"0"},{"last_affected":"2.0.1"},{"introduced":"0"},{"last_affected":"2.2.5"},{"introduced":"0"},{"last_affected":"7.0"},{"introduced":"0"},{"last_affected":"2.2.1"},{"introduced":"0"},{"last_affected":"7.0"}]}}],"versions":["1.0.0","kubernetes-client-1.1.0","kubernetes-client-1.2.0","kubernetes-client-1.2.1","kubernetes-client-1.2.2","kubernetes-client-project-1.3.15","kubernetes-client-project-1.3.16","kubernetes-client-project-1.3.17","kubernetes-client-project-1.3.18","kubernetes-client-project-1.3.19","kubernetes-client-project-1.3.20","kubernetes-client-project-1.3.21","kubernetes-client-project-1.3.22","kubernetes-client-project-1.3.24","kubernetes-client-project-1.3.25","kubernetes-client-project-1.3.26","kubernetes-client-project-1.3.27","kubernetes-client-project-1.3.29","kubernetes-client-project-1.3.41","kubernetes-pom-1.2.3","kubernetes-pom-1.2.4","kubernetes-pom-1.2.5","kubernetes-pom-1.3.0","kubernetes-pom-1.3.1","kubernetes-pom-1.3.10","kubernetes-pom-1.3.11","kubernetes-pom-1.3.12","kubernetes-pom-1.3.13","kubernetes-pom-1.3.14","kubernetes-pom-1.3.2","kubernetes-pom-1.3.3","kubernetes-pom-1.3.4","kubernetes-pom-1.3.5","kubernetes-pom-1.3.6","kubernetes-pom-1.3.7","kubernetes-pom-1.3.8","kubernetes-pom-1.3.9","v1.3.28","v1.3.30","v1.3.31","v1.3.32","v1.3.33","v1.3.34","v1.3.35","v1.3.36","v1.3.37","v1.3.38","v1.3.39","v1.3.40","v1.3.42","v1.3.43","v1.3.44","v1.3.45","v1.3.46","v1.3.47","v1.3.48","v1.3.49","v2.0.1","v2.2.1","v2.2.5","v5.0.1","v5.0.2","v5.1.0","v5.1.1","v5.10.0","v5.10.1","v5.11.0","v5.11.1","v5.12.0","v5.2.0","v5.2.1","v5.3.0","v5.3.1","v5.5.0","v5.6.0","v5.7.0","v5.7.1","v5.7.2","v5.7.3","v5.8.0","v5.9.0","v6.0.0","v6.0.0-RC1","v6.1.0","v6.1.1","v6.10.0","v6.11.0","v6.12.0","v6.12.1","v6.13.0","v6.2.0","v6.3.0","v6.3.1","v6.4.0","v6.5.0","v6.5.1","v6.6.0","v6.6.1","v6.6.2","v6.7.0","v6.7.1","v6.7.2","v6.8.0","v6.9.0","v6.9.1","v6.9.2","v7.0.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"5.0.0-beta1"}]},{"events":[{"introduced":"0"},{"last_affected":"7.11"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-4178.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}