Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Helm ChartMuseum version >=0.1.0 and < 0.8.1 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in HTTP API to save charts that can result in a specially crafted chart could be uploaded and saved outside the intended location. This attack appears to be exploitable via A POST request to the HTTP API can save a chart archive outside of the intended directory. If authentication is, optionally, enabled this requires an authorized user to do so. This vulnerability appears to have been fixed in 0.8.1.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Helm ChartMuseum 路径遍历漏洞
Vulnerability Description
Helm ChartMuseum是一款使用Go语言编写的开源图表存储服务器。 Helm ChartMuseum 0.1.0版本至0.8.1之前版本中HTTP API存在目录遍历漏洞。攻击者可通过发送POST请求利用该漏洞写入任意文件。
CVSS Information
N/A
Vulnerability Type
N/A