The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link or an implicit directory name such as …
CPE | Name | Operator | Version |
---|---|---|---|
argo-events | eq | 0.13.0 | |
argo-events | eq | 0.6 | |
argo-events | eq | 0.8 | |
argo-events | eq | 0.12 | |
argo-events | eq | 0.14.0 | |
argo-events | eq | 0.5 | |
argo-events | eq | 0.13.0-rc | |
argo-events | eq | 1.7.0-rc1 | |
argo-events | eq | .0.9 | |
argo-events | eq | 0.5-beta1 |