reports/GO-2021-0066.toml - vulndb - Git at Google

 module = "k8s.io/kubernetes"
 package = "k8s.io/kubernetes/pkg/credentialprovider"

 description = """
 Attempting to read a malformed .dockercfg may cause secrets to be
 inappropriately logged.
 """

 cve = "CVE-2020-8564"

 credit = "@sfowl"

 symbols = ["readDockerConfigFileFromBytes", "readDockerConfigJSONFileFromBytes"]

 [[versions]]
 fixed = "v1.20.0-alpha.1"

 [links]
 commit = "https://github.com/kubernetes/kubernetes/commit/11793434dac97a49bfed0150b56ac63e5dc34634"
 pr = "https://github.com/kubernetes/kubernetes/pull/94712"
 context = ["https://github.com/kubernetes/kubernetes/issues/95622"]

 # This is a really confusing one to classify becuase of how kubernetes
 # does their vendoring stuff.
	module = "k8s.io/kubernetes"
	package = "k8s.io/kubernetes/pkg/credentialprovider"

	description = """
	Attempting to read a malformed .dockercfg may cause secrets to be
	inappropriately logged.
	"""

	cve = "CVE-2020-8564"

	credit = "@sfowl"

	symbols = ["readDockerConfigFileFromBytes", "readDockerConfigJSONFileFromBytes"]

	[[versions]]
	fixed = "v1.20.0-alpha.1"

	[links]
	commit = "https://github.com/kubernetes/kubernetes/commit/11793434dac97a49bfed0150b56ac63e5dc34634"
	pr = "https://github.com/kubernetes/kubernetes/pull/94712"
	context = ["https://github.com/kubernetes/kubernetes/issues/95622"]

	# This is a really confusing one to classify becuase of how kubernetes
	# does their vendoring stuff.