Search for packages
| purl | pkg:golang/k8s.io/kubernetes@1.21.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-jjnq-w1uh-dudy
Aliases: CVE-2021-25737 GHSA-mfv7-gq43-w965 |
Incomplete List of Disallowed Inputs in Kubernetes A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-w9b7-vajk-3kdq | Kube-proxy may unintentionally forward traffic Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (`spec.ports[*].port`) as a LoadBalancer Service when the LoadBalancer controller does not set the `status.loadBalancer.ingress[].ip` field. Clusters where the LoadBalancer controller sets the `status.loadBalancer.ingress[].ip` field are unaffected. |
CVE-2021-25736
GHSA-35c7-w35f-xwgh |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:01:02.150110+00:00 | GithubOSV Importer | Affected by | VCID-jjnq-w1uh-dudy | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-mfv7-gq43-w965/GHSA-mfv7-gq43-w965.json | 38.0.0 |
| 2026-04-01T12:57:25.276478+00:00 | GithubOSV Importer | Fixing | VCID-w9b7-vajk-3kdq | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-35c7-w35f-xwgh/GHSA-35c7-w35f-xwgh.json | 38.0.0 |