github.com/fluxcd is vulnerable to remote code execution. The vulnerability exists due to a lack of validation of access and sanitization of flagging inputs which allows a malicious user to inject and execute arbitrary javascript code.
github.com/fluxcd/flux2/commit/b80f32ce7dd6d1d5c2985463e0f4429311925418
github.com/fluxcd/flux2/security/advisories/GHSA-vvmq-fwmg-2gjc
github.com/fluxcd/helm-controller/commit/6f4ca28c9a05ed0c13a9d76a356738eca395b7f4
github.com/fluxcd/kustomize-controller/commit/d29032e914c960d0bacad33f46b017e0d632b704