
11 matches found

OSV · added 2026/04/13 5:40 a.m. · 1 view

BIT-HELM-2026-35206 Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment

Helm is a package manager for Charts for Kubernetes. In Helm versions <3.20.1 and <4.1.3, a specially crafted Chart will cause `helm pull --untar <chart URL | repo/chartname>` to write the Chart's contents to the immediate output directory, which defaults to the current working directory or is given by...

CVSS 4.8 · AI score 5.8 · EPSS 0.00005 · Exploits 0 · References 4
CNNVD · added 2026/04/09 12:00 a.m. · 3 views

Helm path traversal vulnerability

Helm is a Kubernetes package manager offered by the CNCF Foundation. Versions of Helm prior to 3.20.1 and 4.1.3 had a path traversal vulnerability. This vulnerability stemmed from specially crafted Charts, which could cause the helm pull --untar command to write Chart contents to an output...

CVSS 4.8 · AI score 5.8 · EPSS 0.00005 · Exploits 0 · References 3
Tenable Nessus · added 2025/09/04 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-11013

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - There is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. lookup is a Helm template function introduced in Helm v3. ...

CVSS 8.5 · AI score 6.5 · EPSS 0.00214 · Exploits 1 · References 2
OSV · added 2025/04/09 11:15 p.m. · 2 views

AZL-59808 CVE-2025-32386 affecting package helm for versions less than 3.14.2-6

Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g., 800x difference. When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issu...

CVSS 6.5 · AI score 6.8 · EPSS 0.00022 · Exploits 0 · References 1
OSV · added 2023/10/10 2:15 p.m. · 5 views

AZL-33343 CVE-2023-44487 affecting package helm for versions less than 3.14.0-1

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS 7.5 · AI score 6.7 · EPSS 0.94395 · Exploits 19 · References 1
OSV · added 2023/06/06 8:15 p.m. · 2 views

AZL-27027 CVE-2023-2253 affecting package helm for versions less than 3.13.2-1

A flaw was found in the /v2/catalog endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned query string: n. This vulnerability allows a malicious user to submit an unreasonably large value for n, causing the allocation of a massive strin...

CVSS 6.5 · AI score 7.3 · EPSS 0.00147 · Exploits 0 · References 1
SUSE CVE · added 2023/02/15 3:57 a.m. · 2 views

SUSE CVE-2020-15185

In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker...

CVSS 2.2 · AI score 7.9 · EPSS 0.00234 · Exploits 0 · References 13
CNNVD · added 2022/12/15 12:00 a.m. · 2 views

Helm code issue vulnerability

Helm is a Kubernetes package manager. A code issue vulnerability exists in Helm versions prior to 3.10.3 that stems from a NULL pointer dereference in the chartutil package, which could lead to a segmentation violation...

CVSS 7.5 · AI score 7 · EPSS 0.00068 · Exploits 0 · References 8
Positive Technologies · added 2021/02/05 12:00 a.m. · 4 views

PT-2021-14402 · Helm +1

Name of the Vulnerable Software and Affected Versions: Helm versions 3.0 through 3.5.2 Description: Helm, a tool for managing Charts in Kubernetes, has cases where data loaded from potentially untrusted sources was not properly sanitized. This includes invalid SemVer in the version field of a...

CVSS 8.6 · AI score 6.9 · EPSS 0.00568 · Exploits 0 · References 23
Positive Technologies · added 2020/09/17 12:00 a.m. · 2 views

PT-2020-14256 · Helm +2

Name of the Vulnerable Software and Affected Versions: Helm versions prior to 2.16.11 Helm versions prior to 3.3.2 Description: A Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attack...

CVSS 8.5 · AI score 6 · EPSS 0.00408 · Exploits 1 · References 36
Positive Technologies · added 2019/07/17 12:00 a.m. · 3 views

PT-2019-11539 · Kubernetes · Helm

Name of the Vulnerable Software and Affected Versions: helm versions prior to 2.7.2 Description: The issue concerns improper certificate validation, allowing unauthorized clients to connect to the server because self-signed client certificates were allowed. A malicious client could exploit this b...

CVSS 9.8 · AI score 9.5 · EPSS 0.00297 · Exploits 0 · References 12