Helm local code execution via a malicious chart
A Helm contributor discovered that a specially crafted `Chart.yaml` file along with a specially linked `Chart.lock` file can lead to local code execution when dependencies are updated. This affects the Helm SDK when the downloader Manager performs an update. Ensure the `Chart.lock` file in a chart is not a symlink prior to updating dependencies.
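
One way to apply that mitigation in a program that drives the Helm SDK is a pre-flight check run before the dependency update. This is an added example, not code from the Helm project; the function name `CheckChartLock` and the error value `ErrLockNotRegular` are hypothetical, and the check goes slightly beyond the advisory by rejecting any non-regular `Chart.lock`, not only symlinks.

```go
// Added example: pre-flight check to run before a Helm dependency update.
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// ErrLockNotRegular (hypothetical name) marks a Chart.lock that is a symlink
// or any other non-regular file.
var ErrLockNotRegular = errors.New("Chart.lock is not a regular file")

// CheckChartLock inspects <chartDir>/Chart.lock without following symlinks.
// A missing lock file passes (there is no link to follow); a symlink fails.
func CheckChartLock(chartDir string) error {
	lock := filepath.Join(chartDir, "Chart.lock")
	// Lstat describes the directory entry itself, never the link target.
	info, err := os.Lstat(lock)
	if errors.Is(err, fs.ErrNotExist) {
		return nil
	}
	if err != nil {
		return fmt.Errorf("inspect %s: %w", lock, err)
	}
	if !info.Mode().IsRegular() {
		return fmt.Errorf("%s (type %s): %w", lock, info.Mode().Type(), ErrLockNotRegular)
	}
	return nil
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: checklock <chart-dir>")
		os.Exit(2)
	}
	if err := CheckChartLock(os.Args[1]); err != nil {
		fmt.Fprintln(os.Stderr, "refusing to update dependencies:", err)
		os.Exit(1)
	}
	fmt.Println("Chart.lock OK")
}
```

Run the check immediately before the update on the same directory, so the lock file cannot be swapped for a link in between by an untrusted process.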