{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "1.9.0" }, { "last_affected": "1.9.9" }, { "introduced": "1.10.0" }, { "last_affected": "1.10.5" }, { "introduced": "1.11.0" }, { "last_affected": "1.11.1" } ] }, "events": [ { "introduced": "925c127ec6b946659ad0fd596fa959be43f0cc05" }, { "last_affected": "57729ea3d9a1b75f3fc7bbbadc597ba707d47c8a" }, { "introduced": "fc32d2f3698e36b93322a3465f63a14e9f0eaead" }, { "last_affected": "32ac1c9073b132b8ba18aa830f46b77dcceb0723" }, { "introduced": "91e7b4fd31fcd3d5f436da26c980becec37ceefe" }, { "last_affected": "b1b29978270dc22fecc592ac55d903350454310a" } ], "repo": "https://github.com/kubernetes/kubernetes", "type": "GIT" } ] } ], "details": "In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection.", "id": "CVE-2018-1002101", "modified": "2026-03-15T21:51:13.893689684Z", "published": "2018-12-05T21:29:00.293Z", "references": [ { "type": "ADVISORY", "url": "http://www.securityfocus.com/bid/106238" }, { "type": "ADVISORY", "url": "https://security.netapp.com/advisory/ntap-20190416-0008/" }, { "type": "FIX", "url": "https://github.com/kubernetes/kubernetes/issues/65750" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }