Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment

Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart will cause helm pull --untar [chart URL | repo/chartname] to write the Chart's contents to the immediate output directory (as defaulted to the current working directory; or as given by the --destination and --untardir flags), rather than the expected output directory suffixed by the chart's name. This vulnerability is fixed in 3.20.2 and 4.1.4.

N/A

对路径名的限制不恰当(路径遍历)

Helm 路径遍历漏洞

Helm是CNCF基金会的一款Kubernetes包管理器。 Helm 3.20.1及之前版本和4.1.3及之前版本存在路径遍历漏洞，该漏洞源于特制的Chart可能导致helm pull --untar命令将Chart内容写入预期之外的输出目录。

N/A

N/A