FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Helm -- client unpacking chart that contains malicious content

Affected packages
2.0.0 <= helm < 2.12.2

Details

VuXML ID 2a8b79c3-1b6e-11e9-8cf4-1c39475b9f84
Discovery 2019-01-14
Entry 2019-01-18

Helm security notice

A specially crafted chart may be able to unpack content into locations on the filesystem outside of the chart's path, potentially overwriting existing files.

References

URL https://helm.sh/blog/helm-security-notice-2019/index.html