Information Exposure Affecting github.com/helm/helm/pkg/getter Open this link in a new tab package, versions <3.6.1
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
24 Jun 2021
23 Jun 2021
How to fix?
github.com/helm/helm/pkg/getter to version 3.6.1 or higher.
github.com/helm/helm/pkg/getter is a Package getter provides a generalize tool for fetching data by scheme.
Affected versions of this package are vulnerable to Information Exposure. A vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository.