Go modules package
helm.sh/helm/v3
pkg:golang/helm.sh/helm/v3
Vulnerabilities (23)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-4053 | — | | | >= 3.0.0, < 3.2.4 | 3.2.4 | Jun 16, 2020 | In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the |
| CVE-2020-11013 | — | | | >= 3.0.0, < 3.1.3 | 3.1.3 | Apr 24, 2020 | There is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. `lookup` is a Helm template function introduced in Helm v3. It is able to look up resources in the cluster to check for the existence of specific resources and get details about t |
| CVE-2020-7919 | — | | | >= 3.0.0, < 3.1.0 | 3.1.0 | Mar 16, 2020 | Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate. |