Vulnerability Report: GO-2022-1040
- CVE-2021-21303, GHSA-c38g-469g-cmgx
- Affects: helm.sh/helm/v3
- Published: Oct 18, 2022
- Modified: May 20, 2024
Helm does not sanitize all fields read from repository data files. A maliciously crafted data file may contain strings containing arbitrary data. If printed to a terminal, a malicious string could obscure or alter data on the screen.
For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-c38g-469g-cmgx.
Affected Packages
-
PathGo VersionsSymbols
-
from v3.0.0 before v3.5.2
-
from v3.0.0 before v3.5.2
-
from v3.0.0 before v3.5.2
Aliases
References
- https://github.com/advisories/GHSA-c38g-469g-cmgx
- https://github.com/helm/helm/commit/6ce9ba60b73013857e2e7c73d3f86ed70bc1ac9a
- https://vuln.go.dev/ID/GO-2022-1040.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.