2 matches found
CVE-2022-25856
The CVE-2022-25856 entry affects the Argo Events project: the GitArtifactReader.Read() implementation in the sensors/artifacts code path (git.go) allows directory traversal, enabling an attacker to read arbitrary files when a path contains a symbolic link or an implicit directory (e.g., using ../...
CVE-2022-31054
Argo Events (Kubernetes) prior to v1.7.1 is affected by a DoS due to several HandleRoute endpoints using deprecated ioutil.ReadAll(), which can exhaust memory on large requests. The issue affects the Argo Events server and can crash the service, with the publicly released fix in version 1.7.1. Co...