CVE-2020-10721

HIGH

fabric8-maven-plugin >=4.0.0 - Code Injection

Title source: llm

Description

A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When using a wildfly-swarm or thorntail custom configuration, a malicious YAML configuration file on the local machine executing the maven plug-in could allow for deserialization of untrusted data resulting in arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References (1)

[Issue Tracking, Vendor Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1827201

Scores

CVSS v3 7.8

EPSS 0.0006

EPSS Percentile 19.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (2)

redhat/fabric8-maven < 4.4.1

io.fabric8/fabric8-maven-plugin Maven

Timeline

Published Oct 22, 2020

Tracked Since Feb 18, 2026