PT-2022-9366 · Lens · Lens

Eren Karahasan · Published 2022-01-10 · Updated 2022-01-18 · CVE-2021-23154

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Lens versions prior to 5.3.4
Description: Lens's custom helm chart configuration builds helm command lines by string concatenation of the supplied arguments and then executes the resulting string in the user's shell. Because the arguments are never separated from the command, a value containing shell metacharacters changes the command instead of being passed as data, so an attacker who controls the configuration can run arbitrary shell commands on the system.
Recommendations: Update Lens to version 5.3.4 or later. Until the update can be applied, restrict the use of custom helm chart configuration and do not load such configuration from untrusted sources, since every value it supplies is interpolated into a shell command line.

Fix

Code Injection

OS Command Injection


Weakness Enumeration

Related Identifiers

CVE-2021-23154

Affected Products

Lens