VulnerableCode Package Details - pkg:golang/helm.sh/helm/v3@3.1.0

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-ry9q-vr9h-cbg2	Helm uses crypto package vulnerable to panic from malformed X.509 certificate The Helm core maintainers have identified a high severity security vulnerability in Go's `crypto` package affecting all versions prior to Helm 2.16.8 and Helm 3.1.0. Thanks to @ravin9249 for identifying the vulnerability. ### Impact Go before 1.12.16 and 1.13.x before 1.13.7 (and the `crypto/cryptobyte` package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients resulting in a panic via a malformed X.509 certificate. This may allow a remote attacker to cause a denial of service. ### Patches A patch to compile Helm against Go 1.14.4 has been provided for Helm 2 and is available in Helm 2.16.8. Helm 3.1.0 and newer are compiled against Go 1.13.7+. ### Workarounds No workaround is available. Users are urged to upgrade. ### References - https://nvd.nist.gov/vuln/detail/CVE-2020-7919 - https://github.com/helm/helm/pull/8288 ### For more information If you have any questions or comments about this advisory: * Open an issue in [the Helm repository](https://github.com/helm/helm/issues) * For security-specific issues, email us at <cncf-helm-security@lists.cncf.io>	CVE-2020-7919 GHSA-cjjc-xp8v-855w

Vulnerability

Summary

Aliases

VCID-ry9q-vr9h-cbg2

Helm uses crypto package vulnerable to panic from malformed X.509 certificate The Helm core maintainers have identified a high severity security vulnerability in Go's `crypto` package affecting all versions prior to Helm 2.16.8 and Helm 3.1.0. Thanks to @ravin9249 for identifying the vulnerability. ### Impact Go before 1.12.16 and 1.13.x before 1.13.7 (and the `crypto/cryptobyte` package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients resulting in a panic via a malformed X.509 certificate. This may allow a remote attacker to cause a denial of service. ### Patches A patch to compile Helm against Go 1.14.4 has been provided for Helm 2 and is available in Helm 2.16.8. Helm 3.1.0 and newer are compiled against Go 1.13.7+. ### Workarounds No workaround is available. Users are urged to upgrade. ### References - https://nvd.nist.gov/vuln/detail/CVE-2020-7919 - https://github.com/helm/helm/pull/8288 ### For more information If you have any questions or comments about this advisory: * Open an issue in [the Helm repository](https://github.com/helm/helm/issues) * For security-specific issues, email us at <cncf-helm-security@lists.cncf.io>

CVE-2020-7919
GHSA-cjjc-xp8v-855w

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:02:27.588329+00:00	GithubOSV Importer	Fixing	VCID-ry9q-vr9h-cbg2	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-cjjc-xp8v-855w/GHSA-cjjc-xp8v-855w.json	38.0.0

2026-04-01T13:02:27.588329+00:00

GithubOSV Importer

Fixing

VCID-ry9q-vr9h-cbg2

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-cjjc-xp8v-855w/GHSA-cjjc-xp8v-855w.json

38.0.0