Lucene search
GoogleOSV:BIT-HELM-2020-15184HistoryMar 06, 2024 - 10:55 a.m.
BIT-helm-2020-15184
2024-03-0610:55:17
Google
osv.dev
7
helm
chart.yaml
injection
patch
workaround
dependencies
untrusted chart
In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the dependencies field of any untrusted chart, verifying that the alias field is either not used, or (if used) does not contain newlines or path characters.
Related
osv
osv
Aliases are never checked in helm
2021-05-24 16:56:58
CVE-2020-15184
2020-09-17 21:15:17
prion
prion
Design/Logic Flaw
2020-09-17 21:15:00
cvelist
cvelist
CVE-2020-15184 Aliases are never checked in Helm
2020-09-17 20:40:12
cve
cve
CVE-2020-15184
2020-09-17 21:15:00
github
github
Aliases are never checked in helm
2021-05-24 16:56:58
gitlab
gitlab
veracode
veracode
Content Spoofing
2020-09-18 05:32:27
redhatcve
redhatcve
CVE-2020-15184
2020-09-24 11:16:52
ibm
ibm
altlinux
altlinux
Security fix for the ALT Linux 10 package helm version 3.4.1-alt1
2020-11-23 00:00:00
nessus
nessus
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:3760-1)
2021-06-09 00:00:00