A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When using a wildfly-swarm or thorntail custom configuration, a malicious YAML configuration file on the local machine executing the Maven plug-in could allow for deserialization of untrusted data, resulting in arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| io.fabric8:fabric8-maven-plugin (Maven) | 4.0.0-M1 | N/A | N/A |
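
Since no fixed version is listed, one compensating check is to scan custom configuration files for explicit YAML type tags before the build runs. The script below is an added example, not code from the advisory or the plug-in; it assumes the YAML loader honours explicit tags (the advisory does not name the parser), and the sample file and the `find_type_tags` name are constructed for illustration. It is a line-based heuristic, so tag-like text inside block scalars is also reported.

```python
import re

# Core-schema tags that only produce plain scalars and collections.
CORE_TAGS = {"!!str", "!!int", "!!float", "!!bool", "!!null", "!!map",
             "!!seq", "!!binary", "!!timestamp", "!!set", "!!omap", "!!pairs"}

QUOTED = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\'\'|[^\'])*\'')
COMMENT = re.compile(r"(?:^|\s)#.*$")
# A tag opens a node: start of line, or after whitespace or a flow indicator.
TAG = re.compile(r"(?<![^\s\[\{,])!(?:<[^>\s]*>|[^\s\[\]\{\},]*)")


def find_type_tags(yaml_text):
    """Return (line_number, token) for each directive or tag that could
    make a tag-honouring YAML loader build a non-core type."""
    findings = []
    for number, line in enumerate(yaml_text.splitlines(), start=1):
        if line.startswith("%TAG"):
            # A %TAG directive can remap handles, so tag names below it
            # can no longer be judged by their spelling.
            findings.append((number, line.strip()))
            continue
        # Drop quoted scalars first, then comments, so neither is scanned.
        bare = COMMENT.sub("", QUOTED.sub('""', line))
        for match in TAG.finditer(bare):
            if match.group(0) not in CORE_TAGS:
                findings.append((number, match.group(0)))
    return findings


# Constructed sample: one benign core tag and three nodes worth reviewing.
SAMPLE = """\
swarm:
  port: !!int "8080"
  note: "plain text with !!not.a.Tag inside quotes"  # !!ignored.Comment
  datasource: !!com.example.Widget {name: demo}
  items: [!<tag:yaml.org,2002:com.example.Other> x, plain]
  local: !custom value
"""

if __name__ == "__main__":
    for number, token in find_type_tags(SAMPLE):
        print(f"line {number}: {token}")
```

Any finding is a reason to review the file by hand before the plug-in is allowed to read it.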
CVSS Metrics