Vendor
Helm versions 4.0.0 through 4.1.3 fail to enforce plugin signature verification when the .prov file is missing, allowing installation of unsigned plugins and potentially leading to arbitrary code execution.