CVE-2021-25743

EPSS 0.26%
Veröffentlicht 07.01.2022 00:15:07
Zuletzt bearbeitet 13.01.2026 02:39:08
Quelle jordan@liggitt.net
CVE-Watchlists
Login
Unerledigt
Login

kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kubernetes ≫ Kubernetes Version <= 1.25.0

Kubernetes ≫ Kubernetes Version1.26.0 Updatealpha0

Kubernetes ≫ Kubernetes Version1.26.0 Updatealpha1

Kubernetes ≫ Kubernetes Version1.26.0 Updatealpha2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.49

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3	1.3	1.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:N/AC:H/Au:S/C:N/I:P/A:N
jordan@liggitt.net	3	1.3	1.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N

CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.

https://github.com/kubernetes/kubernetes/issues/101695

Vendor Advisory

https://security.netapp.com/advisory/ntap-20220217-0003/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-25743

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-25743

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-25743

EUVD