11 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-6135

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.0081
Exploits 1 · References 8

OSV
added 2022/07/15 11:30 p.m. · 20 views

GO-2022-0492 Path traversal in github.com/argoproj/argo-events

GitArtifactReader is vulnerable to directory traversal attacks. The GitArtifactReader.Read function reads and returns the contents of a Git repository file. A maliciously crafted repository can exploit this to cause Read to read from arbitrary files on the filesystem...

CVSS 7.5 · AI score 7.3 · EPSS 0.0081
Exploits 1 · References 2

NVD
added 2022/06/17 8:15 p.m. · 7 views

CVE-2022-25856

The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 is vulnerable to Directory Traversal in the (g *GitArtifactReader).Read API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link or an implicit directory...

CVSS 7.5 · EPSS 0.0081
Exploits 1 · References 3

OSV
added 2022/06/17 8:15 p.m. · 14 views

CVE-2022-25856

The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 is vulnerable to Directory Traversal in the (g *GitArtifactReader).Read API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link or an implicit directory...

CVSS 7.5 · AI score 7.5
Exploits 0 · References 3

Prion
added 2022/06/17 8:15 p.m. · 12 views

Directory traversal

The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 is vulnerable to Directory Traversal in the (g *GitArtifactReader).Read API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link or an implicit directory...

CVSS 5 · AI score 7.5 · EPSS 0.0081
Exploits 1 · References 3 · Affected Software 1

CVE
added 2022/06/17 8:0 p.m. · 627 views

CVE-2022-25856

The CVE-2022-25856 entry affects the Argo Events project: the GitArtifactReader.Read() implementation in the sensors/artifacts code path (git.go) allows directory traversal, enabling an attacker to read arbitrary files when a path contains a symbolic link or an implicit directory (e.g., using ../...

CVSS 7.5 · AI score 7.4 · EPSS 0.0081
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2022/06/17 8:0 p.m. · 10 views

CVE-2022-25856 Directory Traversal

The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 is vulnerable to Directory Traversal in the (g *GitArtifactReader).Read API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link or an implicit directory...

CVSS 7.5 · AI score 7.7 · EPSS 0.0081
Exploits 1 · References 3

OSV
added 2022/06/17 1:3 a.m. · 20 views

GHSA-QPGX-64H2-GC3C Insecure path traversal in Git Trigger Source can lead to arbitrary file read

Impact: A path traversal issue was found in the (g *GitArtifactReader).Read API. Read calls into (g *GitArtifactReader).readFromRepository that opens and reads the file that contains the trigger resource definition: func (g *GitArtifactReader) readFromRepository(r *git.Repository, dir string) No checks are...

CVSS 7.5 · AI score 7.3 · EPSS 0.0081
Exploits 1 · References 8

Github Security Blog
added 2022/06/17 1:3 a.m. · 31 views

Insecure path traversal in Git Trigger Source can lead to arbitrary file read

Impact: A path traversal issue was found in the (g *GitArtifactReader).Read API. Read calls into (g *GitArtifactReader).readFromRepository that opens and reads the file that contains the trigger resource definition: func (g *GitArtifactReader) readFromRepository(r *git.Repository, dir string) No checks are...

CVSS 7.5 · AI score 7.1 · EPSS 0.0081
Exploits 1 · References 8 · Affected Software 1

Positive Technologies
added 2022/06/17 12:0 a.m. · 1 views

PT-2022-17571 · Argo · Argo Events

Name of the Vulnerable Software and Affected Versions: github.com/argoproj/argo-events/sensors/artifacts versions prior to 1.7.1. Description: The issue concerns a Directory Traversal vulnerability in the GitArtifactReader component, specifically in the (g *GitArtifactReader).Read API. This could all...

CVSS 7.5 · AI score 7.4 · EPSS 0.0081
Exploits 1 · References 14

CNNVD
added 2022/06/17 12:0 a.m. · 1 views

npm libpq backlink vulnerability

npm libpq is a node-native binding to the PostgreSQL libpq C client library from npm USA. A backlink vulnerability exists in versions of libpq prior to 1.7.1, which stems from the fact that Read calls to (g *GitArtifactReader).readFromRepository do not check for files containing trigger resource...

CVSS 7.5 · AI score 7.3 · EPSS 0.0081
Exploits 1 · References 4