CVE-2021-25743

EPSS 0.28%
Published 07.01.2022 00:15:07
Last modified 22.08.2025 19:16:27
Source jordan@liggitt.net
Teams watchlist Login
Open Login

kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Kubernetes ≫ Kubernetes Version <= 1.25.0

Kubernetes ≫ Kubernetes Version1.26.0 Updatealpha.0

Kubernetes ≫ Kubernetes Version1.26.0 Updatealpha.1

Kubernetes ≫ Kubernetes Version1.26.0 Updatealpha.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.28%	0.511

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3	1.3	1.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:N/AC:H/Au:S/C:N/I:P/A:N
jordan@liggitt.net	3	1.3	1.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N

CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.

https://github.com/kubernetes/kubernetes/issues/101695

Vendor Advisory

https://security.netapp.com/advisory/ntap-20220217-0003/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-25743

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-25743

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-25743

EUVD