CVE-2025-53547 on Helm <= 3.18.3

Open physik932 opened this issue 6 months ago • 3 comments

https://github.com/helm/helm/security/advisories/GHSA-557j-xg8c-q2mm

I see the latest branch here has 3.17.3 as a dependency. Is this something that can be updated by a maintainer or I can take a crack at updating?

Jul 09 '25 16:07 physik932

See https://github.com/helm/chartmuseum/pull/1090 , we will update the canary image later

Jul 10 '25 10:07 scbizu

canary image was released , will be scheduled to next release , thanks for reporting .

Jul 11 '25 02:07 scbizu

Of course! Thanks for the quick reply and canaries. We'll keep an eye out for the release!

Jul 11 '25 15:07 physik932