[ https://issues.apache.org/jira/browse/SUBMARINE-727?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kevin Su updated SUBMARINE-727:
-------------------------------
    Fix Version/s:     (was: 0.6.0)
                   0.7.0

> Update io.kubernetes:client-java
> --------------------------------
>
> Key: SUBMARINE-727
> URL: https://issues.apache.org/jira/browse/SUBMARINE-727
> Project: Apache Submarine
> Issue Type: Bug
> Components: Security
> Affects Versions: 0.6.0
> Reporter: Kevin Su
> Priority: Major
> Fix For: 0.7.0
>
>
> moderate severity
> *Vulnerable versions:* < 9.0.2
> *Patched version:* 9.0.2
> Kubernetes Java client libraries in version 10.0.0 and versions prior to
> 9.0.1 allow writes to paths outside of the current directory when copying
> multiple files from a remote pod which sends a maliciously crafted archive.
> This can potentially overwrite any files on the system of the process
> executing the client code.
> Should Upgrade io.kubernetes:client-java to version 9.0.2 or later. For
> example:
> {code:java}
> <dependency>
>   <groupId>io.kubernetes</groupId>
>   <artifactId>client-java</artifactId>
>   <version>[9.0.2,)</version>
> </dependency>
> {code}
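
The issue describes writes outside the destination directory while unpacking an archive received from a pod; on the receiving side that class of bug is stopped by resolving every entry name against the destination and rejecting anything that lands outside it. The following is an added example, not code from Apache Submarine or the Kubernetes Java client; the class `SafeEntryPath`, the method `resolveInside`, the `copy-out` directory and the entry names are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;

public class SafeEntryPath {

    // Resolve an archive entry name under destDir and reject any name that
    // would land outside it (absolute paths, "../" sequences).
    // This is a lexical check only: an extractor must also refuse to write
    // through symbolic links that earlier entries created.
    static Path resolveInside(Path destDir, String entryName) throws IOException {
        Path base = destDir.toAbsolutePath().normalize();
        // resolve() returns entryName itself when it is absolute, so an
        // absolute entry fails the containment test below.
        Path target = base.resolve(entryName).normalize();
        // Path.startsWith compares whole path elements, so a sibling such as
        // "copy-out-other" does not count as being inside "copy-out".
        if (!target.startsWith(base)) {
            throw new IOException("entry escapes destination: " + entryName);
        }
        return target;
    }

    public static void main(String[] args) {
        Path dest = Paths.get("copy-out"); // hypothetical destination directory
        // Constructed entry names, standing in for names read from an archive.
        List<String> names = List.of(
                "logs/app.log",            // ordinary entry: accepted
                "logs/../config.yaml",     // stays inside after normalization: accepted
                "../../outside.txt",       // climbs out of the destination: rejected
                "/tmp/outside.txt",        // absolute path: rejected
                "../copy-out-other/file"); // sibling with a shared prefix: rejected
        for (String name : names) {
            try {
                Path target = resolveInside(dest, name);
                System.out.println("OK      " + name + " -> " + target);
            } catch (IOException e) {
                System.out.println("REJECT  " + name);
            }
        }
    }
}
```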