| { |
| "schema_version": "1.3.1", |
| "id": "GO-2022-1040", |
| "modified": "0001-01-01T00:00:00Z", |
| "published": "0001-01-01T00:00:00Z", |
| "aliases": [ |
| "CVE-2021-21303", |
| "GHSA-c38g-469g-cmgx" |
| ], |
| "summary": "Insufficient sanitization of data files in helm.sh/helm/v3", |
| "details": "Helm does not sanitize all fields read from repository data files. A maliciously crafted data file may contain strings containing arbitrary data. If printed to a terminal, a malicious string could obscure or alter data on the screen.", |
| "affected": [ |
| { |
| "package": { |
| "name": "helm.sh/helm/v3", |
| "ecosystem": "Go" |
| }, |
| "ranges": [ |
| { |
| "type": "SEMVER", |
| "events": [ |
| { |
| "introduced": "3.0.0" |
| }, |
| { |
| "fixed": "3.5.2" |
| } |
| ] |
| } |
| ], |
| "ecosystem_specific": { |
| "imports": [ |
| { |
| "path": "helm.sh/helm/v3/pkg/chart", |
| "symbols": [ |
| "Chart.Validate", |
| "Metadata.Validate" |
| ] |
| }, |
| { |
| "path": "helm.sh/helm/v3/pkg/plugin", |
| "symbols": [ |
| "FindPlugins", |
| "LoadAll", |
| "LoadDir", |
| "validatePluginData" |
| ] |
| }, |
| { |
| "path": "helm.sh/helm/v3/pkg/repo", |
| "symbols": [ |
| "ChartRepository.DownloadIndexFile", |
| "ChartRepository.Index", |
| "ChartRepository.Load", |
| "FindChartInAuthAndTLSRepoURL", |
| "FindChartInAuthRepoURL", |
| "FindChartInRepoURL", |
| "IndexDirectory", |
| "IndexFile.Add", |
| "LoadIndexFile", |
| "loadIndex" |
| ] |
| } |
| ] |
| } |
| } |
| ], |
| "references": [ |
| { |
| "type": "ADVISORY", |
| "url": "https://github.com/advisories/GHSA-c38g-469g-cmgx" |
| }, |
| { |
| "type": "FIX", |
| "url": "https://github.com/helm/helm/commit/6ce9ba60b73013857e2e7c73d3f86ed70bc1ac9a" |
| } |
| ], |
| "database_specific": { |
| "url": "https://pkg.go.dev/vuln/GO-2022-1040", |
| "review_status": "REVIEWED" |
| } |
| } |