The vulnerability stems from improper symlink resolution when processing charts. The LoadDir function handles directory traversal for chart loading, and createTarFiles handles packaging. Both would have processed symlinks without validation in vulnerable versions, as evidenced by the fix adding symlink checks/logging. These functions directly implement the chart loading/packaging workflow described in the CVE and Helm's security notice.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| helm.sh/helm | go | >= 2.0.0, < 2.15.2 | 2.15.2 |
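
A chart directory can be audited for the symlinks described above before it is loaded or packaged. The following is an added example, not Helm's code and not the fix itself; `AuditChartSymlinks` and `SymlinkFinding` are hypothetical names, and the sample chart in `main` is constructed.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// SymlinkFinding records one symbolic link found under a chart directory.
type SymlinkFinding struct {
	Path    string // link location, relative to the chart root
	Target  string // resolved target (raw link text if it does not resolve)
	Escapes bool   // target is outside the chart root, or cannot be resolved
}

// AuditChartSymlinks (hypothetical helper, not a Helm API) reports every symlink under chartDir.
func AuditChartSymlinks(chartDir string) ([]SymlinkFinding, error) {
	root, err := filepath.EvalSymlinks(chartDir)
	if err != nil {
		return nil, err
	}
	var out []SymlinkFinding
	err = filepath.WalkDir(root, func(p string, d os.DirEntry, werr error) error {
		if werr != nil || d.Type()&os.ModeSymlink == 0 {
			return werr // WalkDir never follows links, so only the links themselves are inspected
		}
		rel, _ := filepath.Rel(root, p)
		target, rerr := filepath.EvalSymlinks(p)
		inside := rerr == nil && (target == root || strings.HasPrefix(target, root+string(filepath.Separator)))
		if rerr != nil { // dangling or looping link: keep the raw link text
			target, _ = os.Readlink(p)
		}
		out = append(out, SymlinkFinding{rel, target, !inside})
		return nil
	})
	return out, err
}

func main() {
	// Constructed sample chart: ok.yaml stays inside, leak points outside.
	base, _ := os.MkdirTemp("", "chart-audit")
	defer os.RemoveAll(base)
	chart := filepath.Join(base, "mychart")
	os.MkdirAll(filepath.Join(chart, "templates"), 0o755)
	os.WriteFile(filepath.Join(chart, "values.yaml"), []byte("a: 1\n"), 0o600)
	os.Symlink("../values.yaml", filepath.Join(chart, "templates", "ok.yaml"))
	os.Symlink(base, filepath.Join(chart, "templates", "leak"))
	fmt.Println(AuditChartSymlinks(chart))
}
```

The containment check compares against the root plus a path separator, so a sibling directory whose name merely starts with the chart's name is still reported as outside.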