PT-2019-5658 · Helm

Published: 2019-01-14 · Updated: 2024-08-20 · CVE-2019-1000008

CVSS v2.0: 7.1 (High) · Vector: AV:N/AC:M/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Helm versions 2.0.0 through 2.12.1

Description: The issue is a path traversal vulnerability in Helm: files inside a chart archive can be unpacked outside of the target directory when the archive is processed with helm fetch --untar or helm lint some.tgz. A remote attacker who crafts a special chart archive can exploit this once a user runs one of these Helm commands on it. The vulnerability appears to have been fixed in version 2.12.2.

Recommendations: For Helm versions 2.0.0 through 2.12.1, update to version 2.12.2 to resolve the issue. As a temporary workaround, avoid using the helm fetch --untar and helm lint some.tgz commands until the update is applied.
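The defensive check that this class of bug calls for, as an added example in Go that is not Helm's own code: every entry name in the chart tar is resolved against the target directory before anything is written, and an entry whose normalised path lands outside that directory is rejected. The sample archive, the target directory /tmp/charts and the function names are constructed for the example.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// SafeJoin resolves an archive entry name against dest and rejects absolute names and ".." escapes.
func SafeJoin(dest, name string) (string, error) {
	dest = filepath.Clean(dest)
	target := filepath.Join(dest, name) // Join collapses ".." segments against dest
	if filepath.IsAbs(name) || (target != dest && !strings.HasPrefix(target, dest+string(filepath.Separator))) {
		return "", fmt.Errorf("entry %q escapes target directory %q", name, dest)
	}
	return target, nil
}

// CheckArchive scans a tar stream before extraction and reports the first entry that would escape dest.
func CheckArchive(archive []byte, dest string) error {
	tr := tar.NewReader(bytes.NewReader(archive))
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return nil // every entry stays under dest; nothing was written to disk
		} else if err != nil {
			return err
		}
		if _, err := SafeJoin(dest, hdr.Name); err != nil {
			return err
		}
	}
}

// buildSample constructs a two-entry tar in memory (sample data, not a real chart): one benign file, one climbing out.
func buildSample() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, e := range [][2]string{{"mychart/Chart.yaml", "name: mychart\n"}, {"../../outside.txt", "escaped\n"}} {
		tw.WriteHeader(&tar.Header{Name: e[0], Mode: 0o644, Size: int64(len(e[1]))})
		tw.Write([]byte(e[1]))
	}
	tw.Close()
	return buf.Bytes()
}

func main() { fmt.Println(CheckArchive(buildSample(), "/tmp/charts")) }
```

Symlink and hardlink entries need the same check applied to hdr.Linkname if the unpacker honours links.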

Weakness Enumeration: Path traversal

Related Identifiers

ALT-PU-2020-1538
ALT-PU-2020-2339
BDU:2020-04871
CVE-2019-1000008
GHSA-XRXM-MVQM-R553
GO-2023-1948

Affected Products

Alt Linux
Helm