{"id":"CVE-2021-20218","details":"A flaw was found in the fabric8 kubernetes-client in versions 4.2.0 and later. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.13.2, kubernetes-client-5.0.2, kubernetes-client-4.11.2, and kubernetes-client-4.7.2.","aliases":["GHSA-jwh2-ffg4-48xc"],"modified":"2026-02-11T12:56:31.323634Z","published":"2021-03-16T21:15:10.930Z","references":[{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1923405"},{"type":"ADVISORY","url":"https://github.com/fabric8io/kubernetes-client/issues/2715"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1923405"},{"type":"FIX","url":"https://github.com/fabric8io/kubernetes-client/issues/2715"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fabric8io/kubernetes-client","events":[{"introduced":"427919c5ae79ea7982f3a9d0a484e37e3ed0816b"},{"fixed":"1d1b3d404836871c4d0fc0a35dafe5d40369b519"},{"introduced":"53f70355d6b140ae4d25f0fe8704aee064fda5d7"},{"fixed":"fee2cb0813d2322f7476fb481ee745d54ad5d5ba"},{"introduced":"6a4ed988a3c7f013e5173cf69252a7272471535d"},{"fixed":"c9d712ecfa82d3537912bff5d108aa601e7f0109"},{"introduced":"9dc84ecafba374b23324cff60bee56c53737315a"},{"fixed":"36e898e4ad08b1539535e55c3878c8a3602ffdbc"}]}],"versions":["v4.13.1","v4.13.2","v5.0.0","v5.0.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20218.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}]}