[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-11251":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":207,"aliases":208,"duplicate_of":9,"upstream":211,"downstream":212,"duplicates":223,"related":224,"reserved_at":9,"published_at":226,"modified_at":227,"state":228,"summary":229,"references_raw":238,"kevs":267,"epss":268,"epss_history":271,"metrics":526,"affected":544},"CVE-2019-11251","The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.",null,[11,195],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-59","Improper Link Resolution Before File Access ('Link Following')","The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.","weakness","Draft","Base","Medium",[20,101,162,191],{"id":21,"name":22,"techniques":23},"CAPEC-132","Symlink Attack",[24],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1547.009","Shortcut Modification",[28,31],{"id":29,"name":30},"TA0110","Persistence",{"id":32,"name":33},"TA0111","Privilege Escalation",[35,40,44,48,52,57,62,67,72,77,81,85,89,93,97],{"id":36,"name":37,"tactic":38},"D3-FA","File Analysis",{"name":39},"Detect",{"id":41,"name":42,"tactic":43},"D3-FIM","File Integrity Monitoring",{"name":39},{"id":45,"name":46,"tactic":47},"D3-DA","Dynamic Analysis",{"name":39},{"id":49,"name":50,"tactic":51},"D3-EFA","Emulated File Analysis",{"name":39},{"id":53,"name":54,"tactic":55},"D3-FEV","File Eviction",{"name":56},"Evict",{"id":58,"name":59,"tactic":60},"D3-DF","Decoy File",{"name":61},"Deceive",{"id":63,"name":64,"tactic":65},"D3-FE","File Encryption",{"name":66},"Harden",{"id":68,"name":69,"tactic":70},"D3-RF","Restore File",{"name":71},"Restore",{"id":73,"name":74,"tactic":75},"D3-CF","Content Filtering",{"name":76},"Isolate",{"id":78,"name":79,"tactic":80},"D3-LFP","Local File Permissions",{"name":76},{"id":82,"name":83,"tactic":84},"D3-RFAM","Remote File Access Mediation",{"name":76},{"id":86,"name":87,"tactic":88},"D3-CQ","Content Quarantine",{"name":76},{"id":90,"name":91,"tactic":92},"D3-CM","Content Modification",{"name":76},{"id":94,"name":95,"tactic":96},"D3-EAL","Executable Allowlisting",{"name":76},{"id":98,"name":99,"tactic":100},"D3-EDL","Executable Denylisting",{"name":76},{"id":102,"name":103,"techniques":104},"CAPEC-17","Using Malicious Files",[105,142],{"id":106,"name":107,"tactics":108,"countermeasures":120},"T1574.005","Executable Installer File Permissions Weakness",[109,110,111,114,117],{"id":29,"name":30},{"id":32,"name":33},{"id":112,"name":113},"TA0030","Defense Evasion",{"id":115,"name":116},"TA0005","Stealth",{"id":118,"name":119},"TA0104","Execution",[121,126,130,134,138],{"id":122,"name":123,"tactic":124},"D3-SWI","Software Inventory",{"name":125},"Model",{"id":127,"name":128,"tactic":129},"D3-AVE","Asset Vulnerability Enumeration",{"name":125},{"id":131,"name":132,"tactic":133},"D3-SBV","Service Binary Verification",{"name":39},{"id":135,"name":136,"tactic":137},"D3-SU","Software Update",{"name":66},{"id":139,"name":140,"tactic":141},"D3-RS","Restore Software",{"name":71},{"id":143,"name":144,"tactics":145,"countermeasures":151},"T1574.010","Services File Permissions Weakness",[146,147,148,149,150],{"id":29,"name":30},{"id":32,"name":33},{"id":112,"name":113},{"id":115,"name":116},{"id":118,"name":119},[152,154,156,158,160],{"id":122,"name":123,"tactic":153},{"name":125},{"id":127,"name":128,"tactic":155},{"name":125},{"id":131,"name":132,"tactic":157},{"name":39},{"id":135,"name":136,"tactic":159},{"name":66},{"id":139,"name":140,"tactic":161},{"name":71},{"id":163,"name":164,"techniques":165},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[166,173,180],{"id":167,"name":168,"tactics":169,"countermeasures":172},"T1027.006","HTML Smuggling",[170,171],{"id":112,"name":113},{"id":115,"name":116},[],{"id":174,"name":175,"tactics":176,"countermeasures":179},"T1027.009","Embedded Payloads",[177,178],{"id":112,"name":113},{"id":115,"name":116},[],{"id":181,"name":182,"tactics":183,"countermeasures":186},"T1564.009","Resource Forking",[184,185],{"id":112,"name":113},{"id":115,"name":116},[187],{"id":188,"name":189,"tactic":190},"D3-FFV","File Format Verification",{"name":76},{"id":192,"name":193,"techniques":194},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"_key":196,"id":196,"name":197,"description":198,"type":15,"status":199,"abstraction":200,"likelihood_of_exploit":201,"capec":202},"CWE-61","UNIX Symbolic Link (Symlink) Following","The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.","Incomplete","Compound","High",[203],{"id":204,"name":205,"techniques":206},"CAPEC-27","Leveraging Race Conditions via Symbolic Links",[],[],[209,210],"GHSA-6qfg-8799-r575","GO-2022-0802",[],[213,215,217,219,221],{"_key":214},"RHSA-2019:3266",{"_key":216},"UBUNTU-CVE-2019-11251",{"_key":218},"RHSA-2019:3811",{"_key":220},"RHSA-2019:3905",{"_key":222},"OPENSUSE-SU-2025:15424-1",[],[225],{"_key":222},"2020-02-03T15:35:13.000Z","2024-08-04T22:48:09.005Z","Modified",{"cisa_kev":230,"cisa_ransomware":230,"cisa_vendor":9,"epss_severity":231,"epss_score":232,"severity":233,"severity_score":234,"severity_version":235,"severity_source":236,"severity_vector":237,"severity_status":228},false,"low",0.02647,"medium",5.7,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",[239,248,254,259,263],{"url":240,"sources":241,"tags":244},"https://github.com/kubernetes/kubernetes/issues/87773",[242,236,243],"cve.org","osv_go",[245,246,247],"X Refsource CONFIRM","Third Party Advisory","WEB",{"url":249,"sources":250,"tags":251},"https://groups.google.com/d/msg/kubernetes-announce/YYtEFdFimZ4/nZnOezZuBgAJ",[242,236,243],[252,253,246,247],"Mailing List","X Refsource MLIST",{"url":255,"sources":256,"tags":257},"https://nvd.nist.gov/vuln/detail/CVE-2019-11251",[243],[258],"Advisory",{"url":260,"sources":261,"tags":262},"https://github.com/kubernetes/kubernetes/pull/82143",[243],[247],{"url":264,"sources":265,"tags":266},"https://github.com/advisories/GHSA-6qfg-8799-r575",[243],[258],[],{"date":269,"score":232,"percentile":270},"2026-06-04",0.86025,[272,276,279,282,285,288,291,294,297,300,303,306,308,311,313,317,320,323,326,329,331,334,337,340,342,344,346,349,352,355,357,360,363,365,367,369,372,376,379,382,385,388,391,393,396,399,402,405,407,410,413,416,419,422,425,428,431,434,437,440,442,445,448,452,455,458,461,463,466,469,471,474,477,479,482,484,487,490,493,495,497,500,503,506,509,512,515,518,520,523],{"date":273,"score":274,"percentile":275},"2025-11-04",0.0195,0.82864,{"date":277,"score":274,"percentile":278},"2025-11-05",0.82868,{"date":280,"score":274,"percentile":281},"2025-11-06",0.82871,{"date":283,"score":274,"percentile":284},"2025-11-07",0.82881,{"date":286,"score":274,"percentile":287},"2025-11-08",0.82887,{"date":289,"score":274,"percentile":290},"2025-11-09",0.82882,{"date":292,"score":274,"percentile":293},"2025-11-10",0.82876,{"date":295,"score":274,"percentile":296},"2025-11-11",0.82884,{"date":298,"score":274,"percentile":299},"2025-11-12",0.82894,{"date":301,"score":274,"percentile":302},"2025-11-13",0.82899,{"date":304,"score":274,"percentile":305},"2025-11-14",0.82902,{"date":307,"score":274,"percentile":299},"2025-11-15",{"date":309,"score":274,"percentile":310},"2025-11-16",0.82897,{"date":312,"score":274,"percentile":299},"2025-11-17",{"date":314,"score":315,"percentile":316},"2025-11-18",0.009,0.73672,{"date":318,"score":315,"percentile":319},"2025-11-19",0.73678,{"date":321,"score":315,"percentile":322},"2025-11-20",0.73687,{"date":324,"score":274,"percentile":325},"2025-11-21",0.82907,{"date":327,"score":274,"percentile":328},"2025-11-22",0.82909,{"date":330,"score":274,"percentile":305},"2025-11-23",{"date":332,"score":274,"percentile":333},"2025-11-24",0.82901,{"date":335,"score":274,"percentile":336},"2025-11-25",0.82904,{"date":338,"score":274,"percentile":339},"2025-11-26",0.82905,{"date":341,"score":274,"percentile":339},"2025-11-27",{"date":343,"score":274,"percentile":299},"2025-11-28",{"date":345,"score":274,"percentile":302},"2025-11-29",{"date":347,"score":274,"percentile":348},"2025-11-30",0.82903,{"date":350,"score":274,"percentile":351},"2025-12-01",0.82975,{"date":353,"score":274,"percentile":354},"2025-12-02",0.82979,{"date":356,"score":274,"percentile":354},"2025-12-03",{"date":358,"score":274,"percentile":359},"2025-12-04",0.829,{"date":361,"score":274,"percentile":362},"2025-12-05",0.82906,{"date":364,"score":274,"percentile":336},"2025-12-06",{"date":366,"score":274,"percentile":359},"2025-12-07",{"date":368,"score":274,"percentile":348},"2025-12-08",{"date":370,"score":274,"percentile":371},"2025-12-09",0.82917,{"date":373,"score":374,"percentile":375},"2025-12-10",0.02665,0.85321,{"date":377,"score":374,"percentile":378},"2025-12-11",0.85327,{"date":380,"score":374,"percentile":381},"2025-12-12",0.85332,{"date":383,"score":374,"percentile":384},"2025-12-13",0.85329,{"date":386,"score":374,"percentile":387},"2025-12-14",0.85325,{"date":389,"score":374,"percentile":390},"2025-12-15",0.85322,{"date":392,"score":374,"percentile":378},"2025-12-16",{"date":394,"score":374,"percentile":395},"2025-12-17",0.85331,{"date":397,"score":374,"percentile":398},"2025-12-18",0.85337,{"date":400,"score":374,"percentile":401},"2025-12-19",0.85341,{"date":403,"score":374,"percentile":404},"2025-12-20",0.85335,{"date":406,"score":374,"percentile":398},"2025-12-21",{"date":408,"score":374,"percentile":409},"2025-12-22",0.85336,{"date":411,"score":374,"percentile":412},"2025-12-23",0.85343,{"date":414,"score":374,"percentile":415},"2025-12-24",0.85347,{"date":417,"score":374,"percentile":418},"2025-12-25",0.85363,{"date":420,"score":374,"percentile":421},"2025-12-26",0.85366,{"date":423,"score":374,"percentile":424},"2025-12-27",0.85417,{"date":426,"score":374,"percentile":427},"2025-12-28",0.85357,{"date":429,"score":374,"percentile":430},"2025-12-29",0.85355,{"date":432,"score":374,"percentile":433},"2025-12-30",0.85362,{"date":435,"score":374,"percentile":436},"2025-12-31",0.85371,{"date":438,"score":374,"percentile":439},"2026-01-01",0.85431,{"date":441,"score":374,"percentile":439},"2026-01-02",{"date":443,"score":374,"percentile":444},"2026-01-03",0.8543,{"date":446,"score":374,"percentile":447},"2026-01-04",0.85368,{"date":449,"score":450,"percentile":451},"2026-01-05",0.03448,0.87149,{"date":453,"score":450,"percentile":454},"2026-01-06",0.87151,{"date":456,"score":450,"percentile":457},"2026-01-07",0.87153,{"date":459,"score":450,"percentile":460},"2026-01-08",0.8716,{"date":462,"score":450,"percentile":460},"2026-01-09",{"date":464,"score":450,"percentile":465},"2026-01-10",0.87161,{"date":467,"score":450,"percentile":468},"2026-01-11",0.87154,{"date":470,"score":450,"percentile":454},"2026-01-12",{"date":472,"score":450,"percentile":473},"2026-01-13",0.8715,{"date":475,"score":450,"percentile":476},"2026-01-14",0.87162,{"date":478,"score":450,"percentile":460},"2026-01-15",{"date":480,"score":450,"percentile":481},"2026-01-16",0.87166,{"date":483,"score":450,"percentile":481},"2026-01-17",{"date":485,"score":450,"percentile":486},"2026-01-18",0.87165,{"date":488,"score":450,"percentile":489},"2026-01-19",0.87159,{"date":491,"score":450,"percentile":492},"2026-01-20",0.87158,{"date":494,"score":450,"percentile":465},"2026-01-21",{"date":496,"score":450,"percentile":481},"2026-01-22",{"date":498,"score":450,"percentile":499},"2026-01-23",0.87177,{"date":501,"score":450,"percentile":502},"2026-01-24",0.87185,{"date":504,"score":450,"percentile":505},"2026-01-25",0.87181,{"date":507,"score":450,"percentile":508},"2026-01-26",0.87178,{"date":510,"score":450,"percentile":511},"2026-01-27",0.87179,{"date":513,"score":450,"percentile":514},"2026-01-28",0.87182,{"date":516,"score":450,"percentile":517},"2026-01-29",0.87184,{"date":519,"score":450,"percentile":502},"2026-01-30",{"date":521,"score":450,"percentile":522},"2026-01-31",0.87186,{"date":524,"score":450,"percentile":525},"2026-02-01",0.87253,[527,534,542],{"source":242,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":528,"cvss_v4_0":9},{"baseScore":529,"baseSeverity":530,"vectorString":531,"impactScore":532,"exploitabilityScore":533},4.8,"MEDIUM","CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",6,3.1,{"source":236,"cvss_v2_0":535,"cvss_v3_0":9,"cvss_v3_1":540,"cvss_v4_0":9},{"baseScore":536,"baseSeverity":9,"vectorString":537,"impactScore":538,"exploitabilityScore":539},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":234,"baseSeverity":530,"vectorString":237,"impactScore":532,"exploitabilityScore":541},5.4,{"source":243,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":543,"cvss_v4_0":9},{"baseScore":234,"baseSeverity":9,"vectorString":237,"impactScore":532,"exploitabilityScore":541},[545,568],{"ecosystem":546,"name":547,"vendor":548,"product":549,"cpe_part":9,"purl_type":550,"purl_namespace":548,"purl_name":549,"source":9,"versions":551},"Go","k8s.io/kubernetes","k8s.io","kubernetes","golang",[552,560,564],{"version":553,"is_range":554,"range_type":555,"version_start":556,"version_start_type":557,"version_end":558,"version_end_type":559,"fixed_in":9},"gte1_13_10_lt1_13_11",true,"semver","1.13.10","including","1.13.11","excluding",{"version":561,"is_range":554,"range_type":555,"version_start":562,"version_start_type":557,"version_end":563,"version_end_type":559,"fixed_in":9},"gte1_14_6_lt1_14_7","1.14.6","1.14.7",{"version":565,"is_range":554,"range_type":555,"version_start":566,"version_start_type":557,"version_end":567,"version_end_type":559,"fixed_in":9},"gte1_15_3_lt1_16_0","1.15.3","1.16.0",{"ecosystem":9,"name":549,"vendor":549,"product":549,"cpe_part":569,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":570},"a",[571,575,578,582,584,586,588,590,592,594,596,598,600,602,604,606,608,610,612],{"version":572,"is_range":554,"range_type":573,"version_start":574,"version_start_type":557,"version_end":558,"version_end_type":559,"fixed_in":9},"gte1.13.0_lt1.13.11","cpe","1.13.0",{"version":576,"is_range":554,"range_type":573,"version_start":577,"version_start_type":557,"version_end":563,"version_end_type":559,"fixed_in":9},"gte1.14.0_lt1.14.7","1.14.0",{"version":579,"is_range":554,"range_type":573,"version_start":580,"version_start_type":557,"version_end":581,"version_end_type":559,"fixed_in":9},"gte1.15.0_lt1.15.4","1.15.0","1.15.4",{"version":583,"is_range":230,"range_type":573,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.1-1.12",{"version":585,"is_range":230,"range_type":242,"version_start":585,"version_start_type":557,"version_end":585,"version_end_type":557,"fixed_in":9},"prior to 1.13.11",{"version":587,"is_range":230,"range_type":242,"version_start":587,"version_start_type":557,"version_end":587,"version_end_type":557,"fixed_in":9},"prior to 1.14.7",{"version":589,"is_range":230,"range_type":242,"version_start":589,"version_start_type":557,"version_end":589,"version_end_type":557,"fixed_in":9},"prior to 1.15.4",{"version":591,"is_range":230,"range_type":242,"version_start":591,"version_start_type":557,"version_end":591,"version_end_type":557,"fixed_in":9},"1.1",{"version":593,"is_range":230,"range_type":242,"version_start":593,"version_start_type":557,"version_end":593,"version_end_type":557,"fixed_in":9},"1.2",{"version":595,"is_range":230,"range_type":242,"version_start":595,"version_start_type":557,"version_end":595,"version_end_type":557,"fixed_in":9},"1.3",{"version":597,"is_range":230,"range_type":242,"version_start":597,"version_start_type":557,"version_end":597,"version_end_type":557,"fixed_in":9},"1.4",{"version":599,"is_range":230,"range_type":242,"version_start":599,"version_start_type":557,"version_end":599,"version_end_type":557,"fixed_in":9},"1.5",{"version":601,"is_range":230,"range_type":242,"version_start":601,"version_start_type":557,"version_end":601,"version_end_type":557,"fixed_in":9},"1.6",{"version":603,"is_range":230,"range_type":242,"version_start":603,"version_start_type":557,"version_end":603,"version_end_type":557,"fixed_in":9},"1.7",{"version":605,"is_range":230,"range_type":242,"version_start":605,"version_start_type":557,"version_end":605,"version_end_type":557,"fixed_in":9},"1.8",{"version":607,"is_range":230,"range_type":242,"version_start":607,"version_start_type":557,"version_end":607,"version_end_type":557,"fixed_in":9},"1.9",{"version":609,"is_range":230,"range_type":242,"version_start":609,"version_start_type":557,"version_end":609,"version_end_type":557,"fixed_in":9},"1.10",{"version":611,"is_range":230,"range_type":242,"version_start":611,"version_start_type":557,"version_end":611,"version_end_type":557,"fixed_in":9},"1.11",{"version":613,"is_range":230,"range_type":242,"version_start":613,"version_start_type":557,"version_end":613,"version_end_type":557,"fixed_in":9},"1.12"]