{"id":"CVE-2020-15186","details":"In Helm versions before 2.16.11 and 3.3.2, plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output of `helm --help`. This issue has been patched in Helm 3.3.2. A possible workaround is to not install untrusted Helm plugins. Examine the `name` field in the `plugin.yaml` file for a plugin, looking for characters outside of the [a-zA-Z0-9._-] range.","aliases":["BIT-helm-2020-15186","GHSA-m54r-vrmv-hw33"],"modified":"2026-05-28T04:05:13.464787897Z","published":"2020-09-17T22:15:12.520Z","related":["SUSE-SU-2020:3760-1"],"database_specific":{},"references":[{"type":"ADVISORY","url":"https://github.com/helm/helm/security/advisories/GHSA-m54r-vrmv-hw33"},{"type":"FIX","url":"https://github.com/helm/helm/commit/809e2d999e2c33e20e77f6bff30652d79c287542"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/helm/helm","events":[{"introduced":"51bdad42756dfaf3234f53ef3d3cb6bcd94144c2"},{"fixed":"73b28bab84490d18ab1b71489a574ee18e229eea"},{"introduced":"e29ce2a54e96cd02ccfce88bee4f58bb6e2a28b6"},{"fixed":"e5077257b6ca106d1f65652b4ca994736d221ab1"},{"fixed":"809e2d999e2c33e20e77f6bff30652d79c287542"}],"database_specific":{"cpe":"cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*","source":["CPE_RANGE","REFERENCES"],"extracted_events":[{"introduced":"2.0.0"},{"fixed":"2.16.11"},{"introduced":"3.0.0"},{"fixed":"3.3.2"}]}}],"versions":["v2.16.10","v3.3.1","v3.3.0-rc.2","v3.3.0","v2.16.9","v3.3.0-rc.1","v2.16.8","v2.16.7","v3.0.0-beta.5","v3.0.0-beta.4","v3.0.0-beta.3","v3.0.0-beta.2","v3.0.0-beta.1","v3.0.0-alpha.2","v3.0.0-alpha.1","v2.10.0-rc.2","v2.10.0-rc.1","v2.8.0-rc.1","v2.7.0","v2.7.0-rc1","v2.6.0","v2.5.0","v2.4.0","v2.3.0","v2.2.0","v2.1.0","v2.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15186.json"}
}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"}]}