Security Advisory

CVE-2024-42363

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-08-20 20:20:03

Last updated 2024-08-20 20:53:00

Assigner GitHub_M

State PUBLISHED

Description

Prior to 3385, the user-controlled role parameter enters the application in the Kubernetes::RoleVerificationsController. The role parameter flows into the RoleConfigFile initializer and then into the Kubernetes::Util.parse_file method where it is unsafely deserialized using the YAML.load_stream method. This issue may lead to Remote Code Execution (RCE). This vulnerability is fixed in 3385.

← Browse all CVEs View on cve.org ↗