Loading YAML in Java client can lead to command execution
Medium
Kubernetes
Team Summary
Official summary from Kubernetes
The io.kubernetes.client.util.Yaml class in the Kubernetes client library for Java uses the popular SnakeYAML library to serialize and deserialize YAML. SnakeYAML has a feature that lets a YAML document instantiate arbitrary Java classes through a tag such as !!some.Class [ "argument1" ]. More information about this feature can be found in the docs. When untrusted YAML is loaded this way, it can be used to execute arbitrary code during deserialization.
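The mitigation side of the issue above, as an added example that is not code from the report or from the Kubernetes Java client: loading YAML through SnakeYAML's SafeConstructor, which only builds standard YAML types (maps, lists, scalars) and rejects any !! tag that names a Java class. The document content is constructed for the example, and the code assumes a SnakeYAML release that provides the SafeConstructor(LoaderOptions) constructor (1.33 and later, including 2.x).

```java
import java.util.Map;

import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class SafeYamlLoading {

    // Constructed sample: a harmless-looking document that still carries a
    // class-instantiation tag of the form described in the report. The class
    // named here is benign; the point is that the tag is refused, whatever it names.
    static final String TAGGED_DOC =
            "apiVersion: v1\n"
          + "kind: ConfigMap\n"
          + "data: !!java.lang.StringBuilder [ \"hello\" ]\n";

    // Constructed sample: the same document without any tag.
    static final String PLAIN_DOC =
            "apiVersion: v1\n"
          + "kind: ConfigMap\n"
          + "data:\n"
          + "  key: value\n";

    /**
     * Hardened loader. SafeConstructor knows only the core YAML tags, so a
     * document that tries to instantiate a Java class fails with a
     * YAMLException instead of creating the object.
     */
    public static Object loadSafely(String document) {
        LoaderOptions options = new LoaderOptions();
        Yaml yaml = new Yaml(new SafeConstructor(options));
        return yaml.load(document);
    }

    /**
     * Returns true when the document is accepted by the hardened loader and
     * false when it is rejected; callers that need the parsed value should use
     * loadSafely directly and handle the exception themselves.
     */
    public static boolean isAccepted(String document) {
        try {
            loadSafely(document);
            return true;
        } catch (YAMLException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // The plain document loads as ordinary Map/String structures.
        @SuppressWarnings("unchecked")
        Map<String, Object> plain = (Map<String, Object>) loadSafely(PLAIN_DOC);
        System.out.println("plain document kind = " + plain.get("kind"));

        // The tagged document is refused before any constructor runs.
        try {
            loadSafely(TAGGED_DOC);
            System.out.println("tagged document unexpectedly accepted");
        } catch (YAMLException e) {
            System.out.println("tagged document rejected: " + e.getMessage());
        }
    }
}
```

The contrast to keep in mind is `new Yaml()` with its default constructor, which in SnakeYAML releases before 2.0 resolves `!!` tags to classes on the classpath; the fix for untrusted input is to build the Yaml instance with SafeConstructor (or a custom constructor limited to the expected types) rather than to filter the document text.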
Reported by
j0v
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$1000.00
Weakness
Deserialization of Untrusted Data