Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper sanitization of plugin names in Helm
Vulnerability Description
In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to `helm --help`. This issue has been patched in Helm 3.3.2. A possible workaround is to not install untrusted Helm plugins. Examine the `name` field in the `plugin.yaml` file for a plugin, looking for characters outside of the [a-zA-Z0-9._-] range.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
helm 注入漏洞
Vulnerability Description
helm是一款Kubernetes包管理器。 Helm 2.16.11 之前版本和3.3.2版本存在注入漏洞,该漏洞源于没有正确清理插件名,攻击者可利用该漏洞在插件名称中使用非法字符进行攻击。
CVSS Information
N/A
Vulnerability Type
N/A