Back to CVE List

CVE-2024-42363

Vulnerability Description

Prior to 3385, the user-controlled role parameter enters the application in the Kubernetes::RoleVerificationsController. The role parameter flows into the RoleConfigFile initializer and then into the Kubernetes::Util.parse_file method where it is unsafely deserialized using the YAML.load_stream method. This issue may lead to Remote Code Execution (RCE). This vulnerability is fixed in 3385.

Vulnerability Details

Published Date
Last Modified
Source
NVD

Discussion (0)

Add Comment

No comments yet. Be the first!