There is a defect in the copy implementation in Copy.java that was fixed in #1450
The summary of the issue is that you copy a file from a malicious pod with a specially crafted tarball, it may extract to any file that your user has permission to write.
This issue was fixed in release 9.0.2, 10.0.1 and 11.0.0 users are strongly encouraged to upgrade to those versions.
The text was updated successfully, but these errors were encountered:
There is a defect in the copy implementation in
Copy.javathat was fixed in #1450The summary of the issue is that you copy a file from a malicious pod with a specially crafted tarball, it may extract to any file that your user has permission to write.
This issue was fixed in release
9.0.2,10.0.1and11.0.0users are strongly encouraged to upgrade to those versions.The text was updated successfully, but these errors were encountered: