184 matches found
October 安全漏洞
October is an open-source content management system CMS and online platform developed by October. Versions prior to October 3.7.13, as well as those before 4.1.4, contained security vulnerabilities. These vulnerabilities stemmed from a sandbox bypass in the Twig security mode function, which coul...
BIT-HELM-2026-35205 Helm's plugin verification fails open when .prov is missing, allowing unsigned plugin install
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance .prov file when signature verification is required. This vulnerability is fixed in 4.1.4...
PT-2026-32426
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm plugin, when installed or updated, will cause Helm to write the contents of the plugin to an arbitrary filesystem location. To prevent this, validate that the plugin.yaml of the Helm plugin does not...
PT-2026-32427
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance .prov file when signature verification is required. This vulnerability is fixed in 4.1.4...
SUSE CVE-2026-35205
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance .prov file when signature verification is required. This vulnerability is fixed in 4.1.4...
SUSE CVE-2026-35206
Helm is a package manager for Charts for Kubernetes. In Helm versions =3.20.1 and =4.1.3, a specially crafted Chart will cause helm pull --untar chart URL | repo/chartname to write the Chart's contents to the immediate output directory as defaulted to the current working directory; or as given by...
Failing Open
Overview Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required, but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...
EUVD-2026-20901
Helm's plugin verification fails open when .prov is missing, allowing unsigned plugin install...
Failing Open
Overview Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required, but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...
Failing Open
Overview Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required, but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...
Helm has a path traversal in plugin metadata version enables arbitrary file write outside Helm plugin directory
Helm is a package manager for Charts for Kubernetes. In Helm versions =4.0.0 and =4.1.3, a specially crafted Helm plugin, when installed or updated, will cause Helm to write the contents of the plugin to an arbitrary filesystem location. Impact A Helm user who installs or updates a plugin that is...
GHSA-VMX8-MQV2-9GMG Helm has a path traversal in plugin metadata version enables arbitrary file write outside Helm plugin directory
Helm is a package manager for Charts for Kubernetes. In Helm versions =4.0.0 and =4.1.3, a specially crafted Helm plugin, when installed or updated, will cause Helm to write the contents of the plugin to an arbitrary filesystem location. Impact A Helm user who installs or updates a plugin that is...
EUVD-2026-20900
Helm has a path traversal in plugin metadata version enables arbitrary file write outside Helm plugin directory...
CVE-2026-35206
Helm is a package manager for Charts for Kubernetes. In Helm versions =3.20.1 and =4.1.3, a specially crafted Chart will cause helm pull --untar chart URL | repo/chartname to write the Chart's contents to the immediate output directory as defaulted to the current working directory; or as given by...
CVE-2026-35206
Helm is a package manager for Charts for Kubernetes. In Helm versions =3.20.1 and =4.1.3, a specially crafted Chart will cause helm pull --untar chart URL | repo/chartname to write the Chart's contents to the immediate output directory as defaulted to the current working directory; or as given by...
CVE-2026-35206
Helm is a package manager for Charts for Kubernetes. In Helm versions =3.20.1 and =4.1.3, a specially crafted Chart will cause helm pull --untar chart URL | repo/chartname to write the Chart's contents to the immediate output directory as defaulted to the current working directory; or as given by...
CVE-2026-35205
Helm's plugin verification flaw allows installation of unsigned plugins when provenance (.prov) is missing, bypassing signature verification. Affected are Helm versions 4.0.0–4.1.3; the issue is fixed in 4.1.4.
CVE-2026-35204 Helm has a path traversal in plugin metadata version enables arbitrary file write outside Helm plugin directory
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm plugin, when installed or updated, will cause Helm to write the contents of the plugin to an arbitrary filesystem location. To prevent this, validate that the plugin.yaml of the Helm plugin does not...
CVE-2026-35204 Helm has a path traversal in plugin metadata version enables arbitrary file write outside Helm plugin directory
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm plugin, when installed or updated, will cause Helm to write the contents of the plugin to an arbitrary filesystem location. To prevent this, validate that the plugin.yaml of the Helm plugin does not...
CVE-2026-35204
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm plugin, when installed or updated, will cause Helm to write the contents of the plugin to an arbitrary filesystem location. To prevent this, validate that the plugin.yaml of the Helm plugin does not...