4 matches found
Command Injection
renovate is vulnerable to Command Injection. The vulnerability arises from insufficient input validation, enabling attackers to exploit the helmv3 registryAliases feature...
Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliases
Summary: Attackers with commit access to the default branch of a repo using Renovate could manipulate helmv3 registryAliases to execute arbitrary commands. Details: Since 26848, registryAliases has become mergeable. This means that the helmv3 manager started honoring its value and uses a helm repo...
GHSA-RQGV-292V-5QGR Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliases
Summary: Attackers with commit access to the default branch of a repo using Renovate could manipulate helmv3 registryAliases to execute arbitrary commands. Details: Since 26848, registryAliases has become mergeable. This means that the helmv3 manager started honoring its value and uses a helm repo...
PT-2024-40461 · Renovate · Renovate
Name of the Vulnerable Software and Affected Versions: Renovate versions 37.158.0 through 37.199.0. Description: Attackers with commit access to the default branch of a repository using Renovate could manipulate registryAliases to execute arbitrary commands. This is due to the registryAliases...