Vulnerability Database
Blog
FAQ
Docs
GO-2023-1938
See a problem?
Please try reporting it
to the source
first.
Source
https://pkg.go.dev/vuln/GO-2023-1938
Import Source
https://vuln.go.dev/ID/GO-2023-1938.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2023-1938
Aliases
CVE-2019-18658
GHSA-p5pc-m4q7-7qm9
Published
2024-08-20T20:31:38Z
Modified
2024-08-20T20:59:17.779143Z
Summary
Helm Unsafe Link Following in helm.sh/helm
Details
Helm Unsafe Link Following in helm.sh/helm
References
https://github.com/advisories/GHSA-p5pc-m4q7-7qm9
https://nvd.nist.gov/vuln/detail/CVE-2019-18658
https://helm.sh/blog/2019-10-30-helm-symlink-security-notice
Affected packages
Go
/
helm.sh/helm
Package
Name
helm.sh/helm
View open source insights on deps.dev
Purl
pkg:golang/helm.sh/helm
Affected ranges
Type
SEMVER
Events
Introduced
2.0.0+incompatible
Fixed
2.15.2+incompatible
GO-2023-1938 - OSV