4 matches found
Uncontrolled Resource Consumption
Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several HandleRoute endpoints make use of the deprecated ioutil.ReadAll. ioutil.ReadAll reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server wil...
Denial Of Service (DoS)
github.com/argoproj/argo-events is vulnerable to denial of service. The use of the deprecated ioutil.ReadAll method to handle new routes reads all data into the memory of the event server, causing an out-of-memory denial-of-service attack...
CVE-2022-31054
Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several HandleRoute endpoints make use of the deprecated ioutil.ReadAll. ioutil.ReadAll reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server wil...
CVE-2022-31054
Argo Events (Kubernetes) prior to v1.7.1 is affected by a DoS due to several HandleRoute endpoints using deprecated ioutil.ReadAll(), which can exhaust memory on large requests. The issue affects the Argo Events server and can crash the service, with the publicly released fix in version 1.7.1. Co...