EUVD-2021-1738

Malware in sbrugna...

Workflow re-write vulnerability using input parameter

Impact Allow end-users to set input parameters, but otherwise expect workflows to be secure. Patches Not yet. Workarounds Set EXPRESSIONTEMPLATES=false for the workflow controller References https://github.com/argoproj/argo-workflows/issues/6441 For more information If you have any questions or...

GHSA-H563-XH25-X54Q Workflow re-write vulnerability using input parameter

Impact Allow end-users to set input parameters, but otherwise expect workflows to be secure. Patches Not yet. Workarounds Set EXPRESSIONTEMPLATES=false for the workflow controller References https://github.com/argoproj/argo-workflows/issues/6441 For more information If you have any questions or...

Improper Input Validation

In Argo Workflows through 3.1.3, if EXPRESSIONTEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow because expression template output is evaluated...

Code injection

In Argo Workflows through 3.1.3, if EXPRESSIONTEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow because expression template output is evaluated...

Argo 输入验证错误漏洞

Argo is an open source container-native workflow engine. A security vulnerability exists in Argo Workflows 3.1.3 that could allow an attacker to corrupt a workflow if EXPRESSIONTEMPLATES is enabled and an untrusted user is allowed to specify input parameters when running the workflow...

PT-2021-21906

Name of the Vulnerable Software and Affected Versions: Argo Workflows versions 3.1.3 and earlier Description: The issue arises when EXPRESSION TEMPLATES is enabled and untrusted users can specify input parameters for workflows. This allows an attacker to potentially disrupt a workflow because the...