Aliases are never checked

Low
technosophos published GHSA-9vp5-m38w-j776 Sep 17, 2020

Package

No package listed

Affected versions

2.0.0-2.16.10, 3.0.0-3.3.1

Patched versions

3.3.2, 2.16.11

Description

Impact

During a security audit of Helm's code base, security researchers at Trail of Bits identified a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart.

Patches

This issue has been patched in Helm 3.3.2 and 2.16.11.

Workarounds

Manually review the dependencies field of any untrusted chart, verifying that the alias field is either not used, or (if used) does not contain newlines or path characters.
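The manual review above can be scripted. The following is an added example written for this advisory, not Helm's own validation code: it scans a Chart.yaml line by line for `alias:` keys under `dependencies` and rejects any value containing a newline (literal or as a `\n` escape), a path separator or `..`. The allowlist `[A-Za-z0-9_-]` and the line-based scan (used instead of a YAML parser so the example runs with only the standard library) are assumptions made here; the sample Chart.yaml is constructed and deliberately carries one benign and one unsafe alias.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample Chart.yaml (not taken from the advisory): two dependencies,
// one with a benign alias and one whose alias carries path characters and a
// newline escape, the two cases the workaround tells reviewers to look for.
const sampleChartYAML = `apiVersion: v2
name: example
version: 0.1.0
dependencies:
  - name: redis
    version: 1.2.3
    repository: https://charts.example.invalid
    alias: cache-primary
  - name: postgresql
    version: 4.5.6
    repository: https://charts.example.invalid
    alias: "../injected\nname: overwritten"
`

// aliasFormat is a conservative allowlist for alias values (letters, digits,
// dashes, underscores). It is an assumption of this example, chosen so that
// newlines and path characters can never pass even if a specific check is missed.
var aliasFormat = regexp.MustCompile(`^[A-Za-z0-9_-]+$`)

// ValidateAlias returns nil for an acceptable alias and a descriptive error
// otherwise. The specific checks run first so the error names the actual problem.
func ValidateAlias(alias string) error {
	switch {
	case alias == "":
		return fmt.Errorf("alias is empty")
	case strings.ContainsAny(alias, "\r\n"):
		return fmt.Errorf("alias contains a newline")
	case strings.Contains(alias, `\n`) || strings.Contains(alias, `\r`):
		return fmt.Errorf("alias contains a newline escape")
	case strings.ContainsAny(alias, `/\`) || strings.Contains(alias, ".."):
		return fmt.Errorf("alias contains path characters")
	case !aliasFormat.MatchString(alias):
		return fmt.Errorf("alias contains characters outside [A-Za-z0-9_-]")
	}
	return nil
}

// Finding records one alias line that failed validation.
type Finding struct {
	Line   int    // 1-based line number in Chart.yaml
	Alias  string // raw alias value as written, surrounding quotes stripped
	Reason string
}

// aliasLine matches an "alias:" key, optionally as the first key of a list item.
var aliasLine = regexp.MustCompile(`^\s*(?:-\s+)?alias:\s*(.*?)\s*$`)

// ScanChartYAML walks the chart text line by line and validates every alias
// value it finds. Working on raw lines means the scanner sees the scalar as
// written, including a "\n" escape inside a quoted string, which is what a
// reviewer following the workaround wants to catch.
func ScanChartYAML(text string) []Finding {
	var findings []Finding
	for i, line := range strings.Split(text, "\n") {
		m := aliasLine.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		raw := strings.Trim(m[1], `"'`)
		if err := ValidateAlias(raw); err != nil {
			findings = append(findings, Finding{Line: i + 1, Alias: raw, Reason: err.Error()})
		}
	}
	return findings
}

func main() {
	// Prints one line per rejected alias; with the sample above that is line 12.
	for _, f := range ScanChartYAML(sampleChartYAML) {
		fmt.Printf("line %d: alias %q rejected: %s\n", f.Line, f.Alias, f.Reason)
	}
}
```

Run it against the Chart.yaml of any chart pulled from an untrusted repository before `helm dependency update` or `helm install`; a non-empty result is the signal to inspect the chart by hand. On patched Helm versions the same conditions are rejected by Helm itself, so the scan is only a stopgap for the affected releases.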

Severity

Low

CVE ID

CVE-2020-15184

Weaknesses

No CWEs