3 matches found
CVE-2026-35206
Helm is a package manager for Charts for Kubernetes. In Helm versions =3.20.1 and =4.1.3, a specially crafted Chart will cause helm pull --untar chart URL | repo/chartname to write the Chart's contents to the immediate output directory as defaulted to the current working directory; or as given by...
PT-2026-31732
Name of the Vulnerable Software and Affected Versions Helm versions 3.20.1 and earlier, and versions 4.1.3 and earlier Description Helm, a package manager for Kubernetes Charts, is affected by an issue where a specially crafted Chart can cause the helm pull --untar command to write chart contents...
CVE-2026-34986
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...