data/reports/GO-2025-3888.yaml - vulndb - Git at Google

 id: GO-2025-3888
 modules:
     - module: helm.sh/helm
       vulnerable_at: 2.17.0+incompatible
     - module: helm.sh/helm/v3
       versions:
         - fixed: 3.18.5
       vulnerable_at: 3.18.4
       packages:
         - package: helm.sh/helm/v3/pkg/chartutil
           symbols:
             - processImportValues
         - package: helm.sh/helm/v3/pkg/lint/rules
           symbols:
             - validateChartMaintainer
         - package: helm.sh/helm/v3/pkg/repo
           symbols:
             - loadIndex
 summary: Helm May Panic Due To Incorrect YAML Content in helm.sh/helm
 cves:
     - CVE-2025-55198
 ghsas:
     - GHSA-f9f8-9pmf-xv68
 references:
     - advisory: https://github.com/helm/helm/security/advisories/GHSA-f9f8-9pmf-xv68
     - fix: https://github.com/helm/helm/commit/ec5f59e2db56533d042a124f5bae54dd87b558e6
 source:
     id: GHSA-f9f8-9pmf-xv68
     created: 2025-08-15T17:52:52.495920551Z
 review_status: REVIEWED
	id: GO-2025-3888
	modules:
	- module: helm.sh/helm
	vulnerable_at: 2.17.0+incompatible
	- module: helm.sh/helm/v3
	versions:
	- fixed: 3.18.5
	vulnerable_at: 3.18.4
	packages:
	- package: helm.sh/helm/v3/pkg/chartutil
	symbols:
	- processImportValues
	- package: helm.sh/helm/v3/pkg/lint/rules
	symbols:
	- validateChartMaintainer
	- package: helm.sh/helm/v3/pkg/repo
	symbols:
	- loadIndex
	summary: Helm May Panic Due To Incorrect YAML Content in helm.sh/helm
	cves:
	- CVE-2025-55198
	ghsas:
	- GHSA-f9f8-9pmf-xv68
	references:
	- advisory: https://github.com/helm/helm/security/advisories/GHSA-f9f8-9pmf-xv68
	- fix: https://github.com/helm/helm/commit/ec5f59e2db56533d042a124f5bae54dd87b558e6
	source:
	id: GHSA-f9f8-9pmf-xv68
	created: 2025-08-15T17:52:52.495920551Z
	review_status: REVIEWED