AZL-66315

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66315.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-66315

Upstream

CVE-2025-55198

Published

2025-08-14T00:15:26Z

Modified

2026-04-01T05:20:56.710501Z

Summary

CVE-2025-55198 affecting package helm for versions less than 3.14.2-9

Details

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expects prior to processing them with Helm.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-55198

Affected packages

Azure Linux:2 / helm

Package

Name: helm
Purl: pkg:rpm/azure-linux/helm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.14.2-9

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66315.json"