Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5
CVE-2022-25856
- EPSS 0.98%
- Published 17.06.2022 20:15:10
- Last modified 21.11.2024 06:53:07
The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname...
7.5
CVE-2022-31054
- EPSS 0.53%
- Published 13.06.2022 20:15:07
- Last modified 21.11.2024 07:03:47
Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several `HandleRoute` endpoints make use of the deprecated `ioutil.ReadAll()`. `ioutil.ReadAll()` reads all the data into memory. As such, an attacke...
1