Security Advisory

CVE-2020-4053

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-06-16 22:00:19

Last updated 2024-08-04 07:52:20

Assigner GitHub_M

State PUBLISHED

Description

In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.

← Browse all CVEs View on cve.org ↗