← Back

Argo Events Project

argo_events_project

2 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Argo Events
argo_events
2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-25856
1Argo Events Project
1Argo Events
Nov 21, 2024
Jun 17, 2022
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. This could allow arbitrary file reads if the GitArtifac...Show more
The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link or an implicit directory name such as ...Show less
CVE-2022-31054
1Argo Events Project
1Argo Events
Nov 21, 2024
Jun 13, 2022
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several `HandleRoute` endpoints make use of the deprecated `ioutil.ReadAll()`. `ioutil.ReadAll()` reads all the data in...Show more
Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several `HandleRoute` endpoints make use of the deprecated `ioutil.ReadAll()`. `ioutil.ReadAll()` reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server will be able to crash it and cause denial of service. A patch for this vulnerability has been released in Argo Events version 1.7.1.Show less