Helm does not sanitize all fields read from repository data files. A maliciously crafted data file may therefore carry strings with arbitrary content, for example terminal control sequences. If such a string is printed to a terminal without being sanitized, it could obscure or alter the data shown on the screen.
{ "url": "https://pkg.go.dev/vuln/GO-2022-1040", "review_status": "REVIEWED" }
{ "imports": [ { "symbols": [ "Chart.Validate", "Metadata.Validate" ], "path": "helm.sh/helm/v3/pkg/chart" }, { "symbols": [ "FindPlugins", "LoadAll", "LoadDir", "validatePluginData" ], "path": "helm.sh/helm/v3/pkg/plugin" }, { "symbols": [ "ChartRepository.DownloadIndexFile", "ChartRepository.Index", "ChartRepository.Load", "FindChartInAuthAndTLSRepoURL", "FindChartInAuthRepoURL", "FindChartInRepoURL", "IndexDirectory", "IndexFile.Add", "LoadIndexFile", "loadIndex" ], "path": "helm.sh/helm/v3/pkg/repo" } ] }