Vulnerabilities with the k8sGPT

High severity GitHub Reviewed Published Jun 13, 2024 in k8sgpt-ai/k8sgpt • Updated Jun 13, 2024

Package

gomod github.com/k8sgpt-ai/k8sgpt (Go)

Affected versions

< 0.3.33

Patched versions

0.3.33

Description

@AlexsJones published to k8sgpt-ai/k8sgpt Jun 13, 2024
Published to the GitHub Advisory Database Jun 13, 2024
Reviewed Jun 13, 2024
Last updated Jun 13, 2024

Severity

High

Weaknesses

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Use of Uninitialized Variable

The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

CVE ID

No known CVE

GHSA ID

GHSA-85rg-8m6h-825p
