Dominykas

**Name of the Vulnerable Software and Affected Versions** Helm versions prior to 3.14.1 **Description** The issue is related to the Helm client or SDK saving a chart outside its expected directory based on changes in the relative path within the `Chart.yaml` file. This occurs when the chart's name includes a relative path change, which is not detected by validation and linting. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited. The vulnerability allows a remote attacker to save a Helm chart outside its expected directory, potentially leading to unauthorized access or modifications. Technical details about exploitation include the use of relative path changes in the chart's name within the `Chart.yaml` file, which can lead to path traversal. **Recommendations** For versions prior to 3.14.1, update to Helm v3.14.1 to resolve the issue. As a temporary workaround, check all charts used by Helm for path changes in their name as found in the `Chart.yaml` file, including dependencies.