Affected by GO-2022-0617 and 17 other vulnerabilities

GO-2022-0617: WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes

GO-2022-0907: Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes

GO-2022-0908: Incomplete List of Disallowed Inputs in Kubernetes in k8s.io/kubernetes

GO-2022-0910: Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes

GO-2022-0983: kubectl ANSI escape characters not filtered in k8s.io/kubernetes

GO-2023-1864: Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes

GO-2023-1891: kube-apiserver vulnerable to policy bypass in k8s.io/kubernetes

GO-2023-1892: Kubernetes mountable secrets policy bypass in k8s.io/kubernetes

GO-2023-2159: Kube-proxy may unintentionally forward traffic in k8s.io/kubernetes

GO-2023-2341: Kubernetes Improper Input Validation vulnerability in k8s.io/kubernetes

GO-2024-2754: Sensitive Information leak via Log File in Kubernetes in k8s.io/kubernetes

GO-2024-2755: Sensitive Information leak via Log File in Kubernetes in k8s.io/kubernetes

GO-2024-2994: Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes

GO-2024-3277: Kubernetes Nil pointer dereference in KCM after v1 HPA patch request in k8s.io/kubernetes

GO-2025-3465: Node Denial of Service via kubelet Checkpoint API in k8s.io/kubernetes

GO-2025-3521: Kubernetes GitRepo Volume Inadvertent Local Repository Access in k8s.io/kubernetes

GO-2025-3522: Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API in k8s.io/kubernetes

GO-2025-3547: Kubernetes kube-apiserver Vulnerable to Race Condition in k8s.io/kubernetes

yaml

package

v1.18.7 Latest Latest Go to latest Published: Aug 12, 2020 License: Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kubernetes/kubernetes

Links

Open Source Insights

Documentation ¶

Overview ¶

Package yaml implements fuzzers for yaml deserialization routines in Kubernetes. These targets are compatible with the github.com/dvyukov/go-fuzz fuzzing framework.

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func FuzzDurationStrict ¶

func FuzzDurationStrict(b []byte) int

FuzzDurationStrict is a fuzz target for strict-unmarshaling Duration defined in "k8s.io/apimachinery/pkg/apis/meta/v1". This target also checks that the unmarshaled result can be marshaled back to the input.

func FuzzMicroTimeStrict ¶

func FuzzMicroTimeStrict(b []byte) int

FuzzMicroTimeStrict is a fuzz target for strict-unmarshaling MicroTime defined in "k8s.io/apimachinery/pkg/apis/meta/v1". This target also checks that the unmarshaled result can be marshaled back to the input.

func FuzzSigYaml ¶

func FuzzSigYaml(b []byte) int

FuzzSigYaml is a fuzz target for "sigs.k8s.io/yaml" unmarshaling.

func FuzzTimeStrict ¶

func FuzzTimeStrict(b []byte) int

FuzzTimeStrict is a fuzz target for strict-unmarshaling Time defined in "k8s.io/apimachinery/pkg/apis/meta/v1". This target also checks that the unmarshaled result can be marshaled back to the input.

func FuzzYamlV2 ¶

func FuzzYamlV2(b []byte) int

FuzzYamlV2 is a fuzz target for "gopkg.in/yaml.v2" unmarshaling.

Types ¶

This section is empty.

Source Files ¶

View all Source files

yaml.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL