LOW 3.0 Go
kubectl ANSI escape characters not filtered
GHSA-f9jg-8p32-2f55 · CVE-2021-25743 · GO-2022-0983
Published · Modified
Description
kubectl (k8s.io/kubernetes/pkg/kubectl) does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-25743
- WEB https://github.com/kubernetes/kubernetes/issues/101695
- WEB https://github.com/kubernetes/kubernetes/pull/112553
- WEB https://github.com/kubernetes/kubernetes/commit/dad0e937c0f76344363eb691b2668490ffef8537
- PACKAGE https://github.com/kubernetes/kubernetes
- WEB https://security.netapp.com/advisory/ntap-20220217-0003
Ready to move
Start Securing
Free, no credit card | First findings in minutes