Vulnerability Report: GO-2025-3522
- CVE-2024-9042, GHSA-vv39-3w5q-974q
- Affects: k8s.io/kubernetes
- Published: Mar 25, 2025
- Unreviewed
Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API in k8s.io/kubernetes
For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-vv39-3w5q-974q or https://nvd.nist.gov/vuln/detail/CVE-2024-9042.
Affected Modules
-
PathGo Versions
-
before v1.29.13, from v1.30.0-alpha.0 before v1.30.9, from v1.31.0-alpha.0 before v1.31.5, from v1.32.0-alpha.0 before v1.32.1
Aliases
References
- https://github.com/advisories/GHSA-vv39-3w5q-974q
- https://nvd.nist.gov/vuln/detail/CVE-2024-9042
- http://www.openwall.com/lists/oss-security/2025/01/16/1
- https://github.com/kubernetes/kubernetes/commit/45f4ccc2153bbb782253704cbe24c05e22b5d60c
- https://github.com/kubernetes/kubernetes/commit/5fe148234f8ab1184f26069c4f7bef6c37efe347
- https://github.com/kubernetes/kubernetes/commit/75c83a6871dc030675288c6d63c275a43c2f0d55
- https://github.com/kubernetes/kubernetes/commit/fb0187c2bf7061258bb89891edb1237261eb7abc
- https://github.com/kubernetes/kubernetes/issues/129654
- https://groups.google.com/g/kubernetes-security-announce/c/9C3vn6aCSVg
- https://vuln.go.dev/ID/GO-2025-3522.json
Feedback
This report is unreviewed. It was automatically generated from a third-party source and its details have not been verified by the Go team.
See anything missing or incorrect?
Suggest an edit to this report.