Vulnerability Report: GO-2022-1040

CVE-2021-21303, GHSA-c38g-469g-cmgx
Affects: helm.sh/helm/v3
Published: Oct 18, 2022
Modified: Jun 12, 2023

Helm does not sanitize all fields read from repository data files. A maliciously crafted data file may contain strings containing arbitrary data. If printed to a terminal, a malicious string could obscure or alter data on the screen.

For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-c38g-469g-cmgx.

Affected Packages

Path

Versions

Symbols
helm.sh/helm/v3/pkg/chart

from v3.0.0 before v3.5.2
- Chart.Validate
- Metadata.Validate
helm.sh/helm/v3/pkg/plugin

from v3.0.0 before v3.5.2
helm.sh/helm/v3/pkg/repo

from v3.0.0 before v3.5.2
9 affected symbols

Aliases

CVE-2021-21303
GHSA-c38g-469g-cmgx

References

https://github.com/advisories/GHSA-c38g-469g-cmgx
https://github.com/helm/helm/commit/6ce9ba60b73013857e2e7c73d3f86ed70bc1ac9a
https://vuln.go.dev/ID/GO-2022-1040.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL