43 matches found
Arbitrary Code Injection
Overview github.com/helm/helm/pkg/downloader is a Package downloader provides a library for downloading charts. Affected versions of this package are vulnerable to Arbitrary Code Injection via the writeLock function. An attacker can execute arbitrary code by supplying crafted chart templates...
CVE-2025-53547 Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution
Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...
CVE-2025-53547 Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution
Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...
CVE-2025-53547
Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...
PT-2025-28768
Name of the Vulnerable Software and Affected Versions: Helm versions prior to 3.18.4 Description: A specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file can be crafted to cause...
BIT-HELM-2024-25620 Dependency management path traversal in helm
Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected directory based on the...
BIT-HELM-2020-15184 Aliases are never checked in Helm
In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review th...
Path Traversal
github.com/helm/helm is vulnerable to Path Traversal. This vulnerability is due to a flaw in the validation and linting process within the client and SDK, allowing the saving of charts outside their expected directory based on changes in relative paths specified in the Chart.yaml file. An attacke...
CVE-2024-25620
Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected directory based on the...
PT-2024-4076 · Helm +2 · Helm +2
Name of the Vulnerable Software and Affected Versions: Helm versions prior to 3.14.1 Description: The issue is related to the Helm client or SDK saving a chart outside its expected directory based on changes in the relative path within the Chart.yaml file. This occurs when the chart's name includ...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted...
Aliases are never checked in helm
Impact During a security audit of Helm's code base, security researchers at Trail of Bits identified a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. Patches This issue has been patched in Helm 3.3.2 a...
GHSA-9VP5-M38W-J776 Aliases are never checked in helm
Impact During a security audit of Helm's code base, security researchers at Trail of Bits identified a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. Patches This issue has been patched in Helm 3.3.2 a...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review th...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review th...
CVE-2021-21303 Injection attack in Helm
Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted...
CVE-2020-15184
In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review th...
Helm Code Issue Vulnerability
helm is a Kubernetes package manager. A security vulnerability exists in Helm versions prior to 2.16.11 and 3.3.2 that stems from a failure to properly clean up the alias field in Chart.yaml. No details of the vulnerability are available at this time...
CVE-2020-15184
In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review th...
CVE-2020-15184
In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review th...