In the auto-remediation pipeline, object_to_execution.go deserialized the AI-generated YAML directly into a Deployment object without validating it against the original Deployment object.
This issue was fixed after coordination with Alex Jones.
To minimize the impact, the PoC of this vulnerability wasn't released, but was shared with the maintainers.
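One way to run the kind of check that was missing, as an added example (not the project's code and not its actual fix): compare the generated object with the original field by field and reject every difference outside an allowlist. The allowed paths, the names `flatten`, `Diff` and `sample`, and the sample manifest are assumptions; the inputs are already-decoded documents, built here from JSON so the example needs only the standard library.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Assumed policy: the only leaf fields a generated fix may change (jq-style paths).
var allowed = map[string]bool{".spec.replicas": true, ".spec.template.spec.containers[0].image": true}

// flatten records each leaf under its path; side 0 is the original, 1 the candidate.
func flatten(p string, v any, side int, out map[string][2]string) {
	m, _ := v.(map[string]any)
	s, _ := v.([]any)
	if e := out[p]; len(m)+len(s) == 0 { // scalar, null or empty container
		e[side] = fmt.Sprintf("%#v", v)
		out[p] = e
	}
	for k, c := range m {
		flatten(p+"."+k, c, side, out)
	}
	for i, c := range s {
		flatten(fmt.Sprintf("%s[%d]", p, i), c, side, out)
	}
}

// Diff returns path -> {original, candidate} for every difference outside the allowed
// set ("" marks a field absent on that side); an empty map means the candidate passes.
func Diff(original, candidate any) map[string][2]string {
	flat := map[string][2]string{}
	flatten("", original, 0, flat)
	flatten("", candidate, 1, flat)
	for path, e := range flat {
		if e[0] == e[1] || allowed[path] {
			delete(flat, path)
		}
	}
	return flat
}

// sample decodes a constructed manifest; JSON (valid YAML) keeps this stdlib-only.
func sample(ns, image string, priv bool) (doc any) {
	_ = json.Unmarshal([]byte(fmt.Sprintf(`{"metadata":{"namespace":%q},"spec":{"replicas":2,"template":`+
		`{"spec":{"containers":[{"image":%q,"securityContext":{"privileged":%t}}]}}}}`, ns, image, priv)), &doc)
	return doc
}

func main() {
	fmt.Println(Diff(sample("shop", "nginx:1.25", false), sample("kube-system", "nginx:1.27", true)))
}
```

Paths are index-based, so a reordered list shows up as a difference, which errs on the side of rejecting the candidate.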
0.4.32

CVSS score: 8.7
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Exploitability: AV:N, AC:L, AT:N, PR:N, UI:P
Vulnerable System: VC:H, VI:H, VA:H
Subsequent System: SC:N, SI:N, SA:N