GHSA-27wf-5967-98gx

GitHub Security Advisory

Kubernetes kubelet arbitrary command execution

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes. This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, and from 1.30.0 through 1.30.2.

Affected Packages

Go k8s.io/kubernetes
Affected versions: 0 (fixed in 1.28.12)
Go k8s.io/kubernetes
Affected versions: 1.29.0 (fixed in 1.29.7)
Go k8s.io/kubernetes
Affected versions: 1.30.0 (fixed in 1.30.3)

Key Information

GHSA ID: GHSA-27wf-5967-98gx
Published: November 22, 2024 9:32 PM
Last Modified: December 13, 2024 9:45 PM
CVSS Score: 7.5/10
Primary Ecosystem: Go
Primary Package: k8s.io/kubernetes
GitHub Reviewed: ✓ Yes

Dataset

Last updated: November 24, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.