github.com/helm/helm is vulnerable to symlink attack. During loading or packaging of a chart as a directory, a malicious chart containing symlinks could be used to obtain system files such as /etc/passwd
. The vulnerability can also be used to cause a denial of service condition when special files such as /dec/urandom
are referenced via the symlinks.