Symlink File Overwrite Affecting package, versions >=1.22.0 <1.22.2, >=1.21.0 <1.21.5, >=1.20.0 <1.20.11, <1.19.15

  • published: 16 Sep 2021

  • disclosed: 15 Sep 2021

  • credit: Fabricio Voznika, Mark Wolters

How to fix?

Upgrade to version 1.22.2, 1.21.5, 1.20.11, 1.19.15 or higher.

Overview

is a Production-Grade Container Scheduling and Management.

Affected versions of this package are vulnerable to Symlink File Overwrite. A symlink exchange can allow host filesystem access. A flaw was found in Kubernetes where an authorized user can create pods with crafted subpath volume mounts to access files and directories outside of the volume, including on the host node's filesystem.
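A triage sketch for the advisory above, added here as an example and not taken from Snyk or the Kubernetes project: it checks a version string against the affected ranges listed on this page and inventories pods that use subpath volume mounts, the feature the flaw depends on. It assumes pod data in the shape of `kubectl get pods -A -o json` output with the `subPath` and `subPathExpr` mount fields; the function names and the sample pods are hypothetical.

```python
import json
import re

# Affected ranges from this page: (inclusive lower bound, exclusive upper bound).
AFFECTED = [((1, 22, 0), (1, 22, 2)), ((1, 21, 0), (1, 21, 5)),
            ((1, 20, 0), (1, 20, 11)), ((0, 0, 0), (1, 19, 15))]

def parse_version(text):
    """'v1.21.4' or '1.21.4-build.7' -> (1, 21, 4). Suffixes are ignored (assumption)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(text):
    version = parse_version(text)
    return any(low <= version < high for low, high in AFFECTED)

def subpath_mounts(pod_list):
    """Yield (namespace, pod, container, volume, subpath) for each subPath mount."""
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        containers = (spec.get("initContainers") or []) + (spec.get("containers") or [])
        for container in containers:
            for mount in container.get("volumeMounts") or []:
                sub = mount.get("subPath") or mount.get("subPathExpr")
                if sub:
                    yield (meta.get("namespace"), meta.get("name"),
                           container.get("name"), mount.get("name"), sub)

# Constructed sample in the shape of `kubectl get pods -A -o json` output.
SAMPLE_PODS = json.loads("""
{"items": [
  {"metadata": {"namespace": "web", "name": "frontend"},
   "spec": {"containers": [{"name": "nginx", "volumeMounts": [
     {"name": "conf", "mountPath": "/etc/nginx/nginx.conf", "subPath": "nginx.conf"},
     {"name": "cache", "mountPath": "/var/cache/nginx"}]}]}},
  {"metadata": {"namespace": "batch", "name": "worker"},
   "spec": {"initContainers": [{"name": "setup", "volumeMounts": [
     {"name": "data", "mountPath": "/work", "subPathExpr": "$(POD_NAME)"}]}],
    "containers": [{"name": "job", "volumeMounts": [
     {"name": "data", "mountPath": "/data"}]}]}}
]}
""")

if __name__ == "__main__":
    for v in ("v1.21.4", "v1.21.5", "v1.19.14", "v1.22.2"):
        print(v, "affected" if is_affected(v) else "not in an affected range")
    for row in subpath_mounts(SAMPLE_PODS):
        print(*row)
```

A subpath mount in the inventory is not itself a sign of abuse; the list shows which workloads rely on the feature so they can be reviewed while nodes in an affected range are upgraded.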