9 matches found

Snyk
added 2026/01/13 7:57 p.m., 4 views

Arbitrary Command Injection

Overview renovate is a dependency updater. Affected versions of this package are vulnerable to Arbitrary Command Injection due to improper sanitization of the user-supplied chart name in the helmRepositoryArgs function of the kustomize manager. An attacker can execute arbitrary commands on the host...

CVSS 8.4, AI score 7.7
Exploits 0, References 2
EUVD
added 2026/01/13 7:57 p.m., 5 views

EUVD-2026-2097

Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repository...

AI score 7.1
Exploits 0, References 2
OSV
added 2026/01/13 7:57 p.m., 1 view

GHSA-XV56-3WQ5-9997 Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repository

Summary The user-provided chart name in the kustomize manager is appended to the helm pull --untar command without proper sanitization. Details Adversaries can provide a maliciously crafted kustomization.yaml in conjunction with a Helm repo's index.yaml file to trick Renovate into executing arbitrary...

CVSS 6.7, AI score 6
Exploits 0, References 2
GitHub Security Blog
added 2026/01/13 7:57 p.m., 11 views

Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repository

Summary The user-provided chart name in the kustomize manager is appended to the helm pull --untar command without proper sanitization. Details Adversaries can provide a maliciously crafted kustomization.yaml in conjunction with a Helm repo's index.yaml file to trick Renovate into executing arbitrary...

AI score 8.1
Exploits 0, References 2, Affected Software 1
Snyk
added 2025/08/14 12:05 a.m., 2 views

Use of Uninitialized Resource

Overview github.com/helm/helm/pkg/repo is a package manager for Kubernetes. Affected versions of this package are vulnerable to Use of Uninitialized Resource via improper validation when parsing Chart.yaml and index.yaml files. An attacker can cause a panic in the application by providing malform...

CVSS 7.1, AI score 6.9, EPSS 0.00311
Exploits 0, References 2
Snyk
added 2025/08/14 12:05 a.m., 2 views

Use of Uninitialized Resource

Overview helm.sh/helm/v3/pkg/repo is a package manager for Kubernetes. Affected versions of this package are vulnerable to Use of Uninitialized Resource via improper validation when parsing Chart.yaml and index.yaml files. An attacker can cause a panic in the application by providing malformed or...

CVSS 7.1, AI score 6.9, EPSS 0.00311
Exploits 0, References 2
RedhatCVE
added 2022/03/22 5:35 p.m., 58 views

CVE-2022-1025

A privilege escalation flaw was found in ArgoCD. This flaw allows a malicious user who has push access to an application's source git or Helm repository, or sync and override access, to perform actions they are not authorized to do. For example, if the attacker has update or delete access, they c...

CVSS 9, AI score 2.8, EPSS 0.01114
Exploits 1, References 3
Veracode
added 2021/06/24 2:23 a.m., 26 views

Information Disclosure

github.com/helm/helm is vulnerable to information disclosure. The vulnerability exists because it does not limit passing of credentials such as the username and password associated with a Helm repository to another domain referenced by that Helm repository...

CVSS 8.6, AI score 1, EPSS 0.01395
Exploits 0, References 4, Affected Software 2
CNNVD
added 2021/06/16 12:00 a.m., 7 views

Helm security vulnerability

Helm is a tool for managing charts, pre-configured Kubernetes resource packages. Helm is vulnerable to an information disclosure vulnerability that stems from the possibility of username and password credentials being passed to another domain referenced by this Helm repository. No detailed...

CVSS 8.6, AI score 5.5, EPSS 0.01395
Exploits 0, References 11