Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment
Vulnerability Description
Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart will cause helm pull --untar [chart URL | repo/chartname] to write the Chart's contents to the immediate output directory (as defaulted to the current working directory; or as given by the --destination and --untardir flags), rather than the expected output directory suffixed by the chart's name. This vulnerability is fixed in 3.20.2 and 4.1.4.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Helm 路径遍历漏洞
Vulnerability Description
Helm是CNCF基金会的一款Kubernetes包管理器。 Helm 3.20.1及之前版本和4.1.3及之前版本存在路径遍历漏洞,该漏洞源于特制的Chart可能导致helm pull --untar命令将Chart内容写入预期之外的输出目录。
CVSS Information
N/A
Vulnerability Type
N/A