Home > Vulnerability Database > CVE-2021-25743

Mend.io Vulnerability Database

CVE-2021-25743

Good to know:

Date: January 6, 2022

kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.

Language: Go

Severity Score

3.0

Related Resources (10)

Url: https://github.com/kubernetes/kubernetes

Url: https://github.com/kubernetes/kubernetes/pull/112553

Url: https://github.com/advisories/GHSA-f9jg-8p32-2f55

Url: https://security-tracker.debian.org/tracker/CVE-2021-25743

Url: https://security.netapp.com/advisory/ntap-20220217-0003

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-25743

Url: https://github.com/kubernetes/kubernetes/commit/dad0e937c0f76344363eb691b2668490ffef8537

Url: https://github.com/kubernetes/kubernetes/issues/101695

Url: https://security.netapp.com/advisory/ntap-20220217-0003/

Url: https://www.mend.io/vulnerability-database/CVE-2021-25743

Severity Score

3.0

Weakness Type (CWE)

Improper Neutralization of Escape, Meta, or Control Sequences

CWE-150

Top Fix

Upgrade Version

Upgrade to version k8s.io/kubernetes - v1.26.0-alpha.3

Learn More

CVSS v3.1

Base Score:	3.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-25743

Good to know:

Date: January 6, 2022

Language: Go

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?