vulnerability arbitrary code execution
severity 8.8
language python
registry other

:book: Description

hyper-kube-config A Serverless API and kubectl plugin providing a storage and retrieval Kubernetes cluster credentials. Hyperkube leverages AWS Secrets Manager for storing credential information.This package is vulnerable for Arbitary Code Execution


:recycle: Steps To Reproduce-:

  1. git clone https://github.com/zillow/hyper-kube-config
  2. run as in poc.png

:telescope: POC

💥 Impact

Arbitary code execution