Information Exposure Affecting helm.sh/helm/pkg/downloader Open this link in a new tab package, versions <3.6.1
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
24 Jun 2021
23 Jun 2021
How to fix?
helm.sh/helm/pkg/downloader to version 3.6.1 or higher.
helm.sh/helm/pkg/downloader is a Package downloader provides a library for downloading charts.
Affected versions of this package are vulnerable to Information Exposure. A vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository.