{"id":"GO-2024-2575","summary":"Helm's Missing YAML Content Leads To Panic in helm.sh/helm/v3","details":"Helm's Missing YAML Content Leads To Panic in helm.sh/helm/v3","aliases":["BIT-helm-2024-26147","CVE-2024-26147","GHSA-r53h-jv2g-vpx6"],"modified":"2026-02-04T03:44:38.199685Z","published":"2024-06-04T15:19:21Z","related":["CGA-5qjm-gjfh-jwcx"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2024-2575","review_status":"REVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6"},{"type":"FIX","url":"https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af"}],"affected":[{"package":{"name":"helm.sh/helm/v3","ecosystem":"Go","purl":"pkg:golang/helm.sh/helm/v3"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.14.2"}]}],"ecosystem_specific":{"imports":[{"symbols":["FindPlugins","LoadAll","LoadDir","validatePluginData"],"path":"helm.sh/helm/v3/pkg/plugin"},{"symbols":["ChartRepository.DownloadIndexFile","ChartRepository.Load","FindChartInAuthAndTLSAndPassRepoURL","FindChartInAuthAndTLSRepoURL","FindChartInAuthRepoURL","FindChartInRepoURL","LoadIndexFile","loadIndex"],"path":"helm.sh/helm/v3/pkg/repo"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-2575.json"}}],"schema_version":"1.7.3","credits":[{"name":"Jakub Ciolek at AlphaSense"}]}