Vulnerabilities > Helm
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-04-24 | CVE-2020-11013 | Information Exposure vulnerability in Helm Their is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. | 4.0 |
2019-11-12 | CVE-2019-18658 | Link Following vulnerability in Helm In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. | 7.5 |
2019-07-17 | CVE-2019-1010275 | Improper Certificate Validation vulnerability in Helm helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. | 7.5 |
2019-02-04 | CVE-2019-1000009 | Path Traversal vulnerability in Helm Chartmuseum Helm ChartMuseum version >=0.1.0 and < 0.8.1 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in HTTP API to save charts that can result in a specially crafted chart could be uploaded and saved outside the intended location. | 4.0 |
2019-02-04 | CVE-2019-1000008 | Path Traversal vulnerability in Helm All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The commands `helm fetch --untar` and `helm lint some.tgz` that can result when chart archive files are unpacked a file may be unpacked outside of the target directory. | 4.3 |