What is CVE-2020-15184?

CVE-2020-15184 is a low-severity vulnerability in Helm, classified under Improper Input Validation. CVSS score: 3.7/10. Published 2020-09-17.

How severe is CVE-2020-15184?

Low severity. CVSS v3 base score is 3.7 out of 10.

Improper input validation in Helm

CVE-2020-15184

In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.002 (46.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N.

Affected products

Helm — versions >= 2.0.0, < 2.16.11, >= 3.0.0, < 3.3.2

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

github.com/helm/helm/security/advisories/GHSA-9vp5-m38w-j776 (x_refsource_CONFIRM)
github.com/helm/helm/commit/e7c281564d8306e1dcf8023d97f972449ad74850 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-15184?: CVE-2020-15184 is a low-severity vulnerability in Helm, classified under Improper Input Validation. CVSS score: 3.7/10. Published 2020-09-17.
How severe is CVE-2020-15184?: Low severity. CVSS v3 base score is 3.7 out of 10.