Lucene search
GoogleOSV:CVE-2022-25856HistoryJun 17, 2022 - 8:15 p.m.
CVE-2022-25856
2022-06-1720:15:10
Google
osv.dev
4
0.001 Low
EPSS
Percentile
50.3%
The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link or an implicit directory name such as …
| CPE | Name | Operator | Version |
|---|---|---|---|
| argo-events | eq | 0.13.0 | |
| argo-events | eq | 0.6 | |
| argo-events | eq | 0.8 | |
| argo-events | eq | 0.12 | |
| argo-events | eq | 0.14.0 | |
| argo-events | eq | 0.5 | |
| argo-events | eq | 0.13.0-rc | |
| argo-events | eq | 1.7.0-rc1 | |
| argo-events | eq | .0.9 | |
| argo-events | eq | 0.5-beta1 |
Related
prion
prion
Directory traversal
2022-06-17 20:15:00
nvd
nvd
CVE-2022-25856
2022-06-17 20:15:10
gitlab
gitlab
Relative Path Traversal
2022-06-17 00:00:00
cvelist
cvelist
CVE-2022-25856 Directory Traversal
2022-06-17 00:00:00
cve
cve
CVE-2022-25856
2022-06-17 20:15:10
github
github
veracode
veracode
Path Traversal
2022-06-20 03:16:42
osv
osv
Path traversal in github.com/argoproj/argo-events
2022-07-15 23:30:03