{"id":"CVE-2021-4178","details":"A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.","aliases":["GHSA-98g7-rxmf-rrxm"],"modified":"2026-02-11T13:22:25.051846Z","published":"2022-08-24T16:15:09.770Z","related":["GHSA-98g7-rxmf-rrxm"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2021-4178"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2034388"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-98g7-rxmf-rrxm"},{"type":"ADVISORY","url":"https://github.com/fabric8io/kubernetes-client/issues/3653"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2034388"},{"type":"REPORT","url":"https://github.com/fabric8io/kubernetes-client/issues/3653"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fabric8io/kubernetes-client","events":[{"introduced":"109675fc7f4d1fa84ea445ad369eb1261b76a0cf"},{"fixed":"5e096210f7236a1c7d4954c35b8d410eb98730aa"},{"introduced":"1a59e3bd1f5e63bf984f4f5bbdcbe376cf1704f1"},{"fixed":"bdcb8f7bfd905523b8b58fd4e3330a02dd82cbfb"},{"introduced":"5f5c8d3f76375ffc0bccfc3c4f417beaac031024"},{"fixed":"23db4301478e74dac7154af70907bf98f2936ff5"},{"introduced":"65d13c08b527495d658c94017c88de248110cb82"},{"fixed":"11a73980ed4a49e5bbe3e729414760fb5c8bcadc"},{"introduced":"f000ac9194723781fe8c9c24fcf5bf58498bb260"},{"fixed":"0fa9285f03abe2c8d27a551dc0a0192f7a68b61e"},{"introduced":"faf7555f4f15681452ac3b42cce557e2e73ba7fa"},{"fixed":"930aa487f848cdb7ba9c3cf9fe4904c1a843179f"}]}],"versions":["v5.0.3","v5.1.2","v5.11.0","v5.11.1","v5.3.2","v5.4.2","v5.7.4","v5.8.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-4178.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}