References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Known Affected Software Configurations Switch to CPE 2.2

Change History

OR
          *cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:* versions up to (excluding) 3.18.5

GitHub, Inc.: https://github.com/helm/helm/commit/ec5f59e2db56533d042a124f5bae54dd87b558e6 Types: Patch

GitHub, Inc.: https://github.com/helm/helm/security/advisories/GHSA-f9f8-9pmf-xv68 Types: Third Party Advisory

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expects prior to processing them with Helm.

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-908

https://github.com/helm/helm/commit/ec5f59e2db56533d042a124f5bae54dd87b558e6

https://github.com/helm/helm/security/advisories/GHSA-f9f8-9pmf-xv68