CVE-2021-25737: URL Redirection to Untrusted Site ('Open Redirect')

September 6, 2021 (updated October 7, 2021)

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.

References

nvd.nist.gov/vuln/detail/CVE-2021-25737

Code Behaviors & Features

Detect and mitigate CVE-2021-25737 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →