
15 matches found

Microsoft CVE
added 2026/04/12 8:1 a.m. | 4 views

Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment

...

CVSS 4.8 | AI score 5.2 | EPSS 0.00005
Exploits 0

OSV
added 2026/03/05 2:28 p.m. | 0 views

SUSE-SU-2026:20685-1 Security update for helm

This update for helm fixes the following issues: - Update to version 3.19.1: CVE-2025-47911: golang.org/x/net/html: Fixed various algorithms with quadratic complexity when parsing HTML documents bsc1251442 CVE-2025-58190: golang.org/x/net/html: Fixed excessive memory consumption by...

CVSS 5.3 | AI score 5.8 | EPSS 0.00017
Exploits 1 | References 5

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-24646

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.2 | EPSS 0.00026
Exploits 0 | References 3

RedhatCVE
added 2025/08/14 10:27 a.m. | 2 views

CVE-2025-55198

A flaw was found in helm.sh/helm/v3. Improper validation of type errors during parsing of Chart.yaml and index.yaml files can trigger a panic. A remote attacker, requiring user interaction, can trigger this panic via a malformed chart file. This can lead to an application level denial of service...

CVSS 6.5 | AI score 7 | EPSS 0.00026
Exploits 0 | References 5

OSV
added 2025/08/14 12:15 a.m. | 1 views

AZL-66315 CVE-2025-55198 affecting package helm for versions less than 3.14.2-9

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expect...

CVSS 6.5 | AI score 7.1 | EPSS 0.00026
Exploits 0 | References 1

Snyk
added 2025/08/14 12:5 a.m. | 3 views

Use of Uninitialized Resource

Overview helm.sh/helm/pkg/chartutil is a package that contains tools for working with charts. Affected versions of this package are vulnerable to Use of Uninitialized Resource via improper validation when parsing Chart.yaml and index.yaml files. An attacker can cause a panic in the application by...

CVSS 7.1 | AI score 6.9 | EPSS 0.00026
Exploits 0 | References 2

Snyk
added 2025/08/14 12:5 a.m. | 2 views

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource via improper validation when parsing Chart.yaml and index.yaml files. An attacker can cause a panic in the application by providing malformed or unexpected YAML content, such as a null maintainer, non-strin...

CVSS 7.1 | AI score 6.9 | EPSS 0.00026
Exploits 0 | References 2

OSV
added 2025/08/14 12:5 a.m. | 1 views

GHSA-F9F8-9PMF-XV68 Helm May Panic Due To Incorrect YAML Content

A Helm contributor discovered an improper validation of type error when parsing Chart.yaml and index.yaml files that can lead to a panic. Impact There are two areas of YAML validation that were impacted. First, when a Chart.yaml file had a null maintainer or the child or parent of a dependencies...

CVSS 6.5 | AI score 7.1 | EPSS 0.00026
Exploits 0 | References 4

CVE
added 2025/08/13 11:23 p.m. | 67 views

CVE-2025-55198

CVE-2025-55198 affects Helm (Charts for Kubernetes). Prior to 3.18.5, parsing Chart.yaml and index.yaml could panic due to improper type validation. Helm 3.18.5 fixes the issue; a workaround is to ensure YAML files are formatted as Helm expects before processing. The IBM/Converged IBM bulletins l...

CVSS 6.5 | AI score 7 | EPSS 0.00026
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2025/08/13 11:23 p.m. | 6 views

CVE-2025-55198 Helm May Panic Due To Incorrect YAML Content

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expect...

CVSS 6.5 | EPSS 0.00026
Exploits 0 | References 2

NVD
added 2025/07/08 10:15 p.m. | 3 views

CVE-2025-53547

Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...

CVSS 8.6 | EPSS 0.00023
Exploits 1 | References 3

CNNVD
added 2025/07/08 12:0 a.m. | 1 views

Helm code injection vulnerability

Helm is a Kubernetes package manager from the CNCF Foundation. A code injection vulnerability exists in Helm versions prior to 3.18.4 that stems from specially crafted Chart.yaml and Chart.lock files that could lead to native code execution...

CVSS 8.6 | AI score 7.3 | EPSS 0.00023
Exploits 1 | References 6

CNNVD
added 2025/04/09 12:0 a.m. | 0 views

Helm security vulnerability

Helm is a Kubernetes package manager from the CNCF Foundation. Helm has a security vulnerability that stems from a specially crafted chart file that could lead to memory exhaustion...

CVSS 6.5 | AI score 6.6 | EPSS 0.00022
Exploits 0 | References 2

SUSE CVE
added 2024/02/17 3:21 a.m. | 1 views

SUSE CVE-2024-25620

Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected directory based on the...

CVSS 6.4 | AI score 6.8 | EPSS 0.00168
Exploits 0 | References 7

OSV
added 2021/02/05 10:15 p.m. | 3 views

UBUNTU-CVE-2021-21303

Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there are a few cases where data loaded from potentially untrusted...

CVSS 6.8 | AI score 7 | EPSS 0.00254
Exploits 0 | References 5