-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIA Semantic Attack on Google Gemini - Read the Latest Research
A Semantic Attack on Google Gemini - Read the Latest Research
Miggo AI
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| k8s.io/kubernetes | go | >= 1.5, < 1.9.6 | 1.9.6 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from improper path sanitization during tar extraction in kubectl cp. The core function handling this operation is untarAll in cmd/cp.go, which directly processes tar headers and writes files using filepath.Join without checking for path escapes. Multiple sources (CVE description, Kubernetes issue #61297, and OpenShift S2I analysis) confirm this as the vulnerable path. No other extraction/validation functions are mentioned in available resources.