Lucene search
+L

43 matches found

Snyk
Snyk
added 2025/07/08 9:39 p.m.3 views

Arbitrary Code Injection

Overview github.com/helm/helm/pkg/downloader is a Package downloader provides a library for downloading charts. Affected versions of this package are vulnerable to Arbitrary Code Injection via the writeLock function. An attacker can execute arbitrary code by supplying crafted chart templates...

8.6CVSS8AI score0.00363EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/07/08 9:39 p.m.5 views

CVE-2025-53547 Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution

Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...

8.5CVSS7.6AI score0.00363EPSS
Exploits1References2
OSV
OSV
added 2025/07/08 9:39 p.m.5 views

CVE-2025-53547 Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution

Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...

8.5CVSS7.2AI score0.00363EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2025/07/08 9:39 p.m.7 views

CVE-2025-53547

Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...

8.6CVSS7.7AI score0.00363EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/07/08 12:0 a.m.5 views

PT-2025-28768

Name of the Vulnerable Software and Affected Versions: Helm versions prior to 3.18.4 Description: A specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file can be crafted to cause...

8.6CVSS8.3AI score0.00363EPSS
Exploits1References27
OSV
OSV
added 2024/03/31 6:18 p.m.21 views

BIT-HELM-2024-25620 Dependency management path traversal in helm

Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected directory based on the...

6.4CVSS6.4AI score0.00567EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 10:55 a.m.27 views

BIT-HELM-2020-15184 Aliases are never checked in Helm

In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review th...

4CVSS4AI score0.01029EPSS
Exploits0References3
Veracode
Veracode
added 2024/02/15 7:16 a.m.24 views

Path Traversal

github.com/helm/helm is vulnerable to Path Traversal. This vulnerability is due to a flaw in the validation and linting process within the client and SDK, allowing the saving of charts outside their expected directory based on changes in relative paths specified in the Chart.yaml file. An attacke...

6.4CVSS6.9AI score0.00567EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2024/02/15 12:0 a.m.20 views

CVE-2024-25620

Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected directory based on the...

6.4CVSS6.7AI score0.00567EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/14 12:0 a.m.4 views

PT-2024-4076 · Helm +2 · Helm +2

Name of the Vulnerable Software and Affected Versions: Helm versions prior to 3.14.1 Description: The issue is related to the Helm client or SDK saving a chart outside its expected directory based on changes in the relative path within the Chart.yaml file. This occurs when the chart's name includ...

7.5CVSS7.8AI score0.00926EPSS
Exploits0References38
GitLab Advisory Database
GitLab Advisory Database
added 2021/06/23 12:0 a.m.28 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted...

6.8CVSS0.2AI score0.0103EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/24 4:56 p.m.66 views

Aliases are never checked in helm

Impact During a security audit of Helm's code base, security researchers at Trail of Bits identified a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. Patches This issue has been patched in Helm 3.3.2 a...

4CVSS5.4AI score0.01029EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2021/05/24 4:56 p.m.34 views

GHSA-9VP5-M38W-J776 Aliases are never checked in helm

Impact During a security audit of Helm's code base, security researchers at Trail of Bits identified a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. Patches This issue has been patched in Helm 3.3.2 a...

3.7CVSS4.3AI score0.01029EPSS
Exploits0References5
GitLab Advisory Database
GitLab Advisory Database
added 2021/05/24 12:0 a.m.44 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review th...

4CVSS2.4AI score0.01029EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2021/05/24 12:0 a.m.46 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review th...

4CVSS2.4AI score0.01029EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2021/02/05 9:40 p.m.46 views

CVE-2021-21303 Injection attack in Helm

Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted...

5.9CVSS6.8AI score0.0103EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2020/09/24 11:16 a.m.27 views

CVE-2020-15184

In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review th...

4CVSS2.5AI score0.01029EPSS
Exploits0References3
CNVD
CNVD
added 2020/09/23 12:0 a.m.4 views

Helm Code Issue Vulnerability

helm is a Kubernetes package manager. A security vulnerability exists in Helm versions prior to 2.16.11 and 3.3.2 that stems from a failure to properly clean up the alias field in Chart.yaml. No details of the vulnerability are available at this time...

4CVSS6.8AI score0.01029EPSS
Exploits0References1
NVD
NVD
added 2020/09/17 9:15 p.m.23 views

CVE-2020-15184

In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review th...

4CVSS0.01029EPSS
Exploits0References2
OSV
OSV
added 2020/09/17 9:15 p.m.24 views

CVE-2020-15184

In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review th...

2.7CVSS6.6AI score
Exploits0References2
Rows per page
Query Builder