File tree 2 files changed +120
-0
lines changed
2 files changed +120
-0
lines changed Original file line number Diff line number Diff line change 1+ {
2+ "schema_version" : " 1.3.1"
3+ "id" : " GO-2024-3226"
4+ "modified" : " 0001-01-01T00:00:00Z"
5+ "published" : " 0001-01-01T00:00:00Z"
6+ "aliases" : [
7+ " CVE-2024-47827"
8+ " GHSA-ghjw-32xw-ffwr"
9+ ],
10+ "summary" : " Argo Workflows Controller: Denial of Service via malicious daemon Workflows in github.com/argoproj/argo-workflows"
11+ "details" : " Argo Workflows Controller: Denial of Service via malicious daemon Workflows in github.com/argoproj/argo-workflows"
12+ "affected" : [
13+ {
14+ "package" : {
15+ "name" : " github.com/argoproj/argo-workflows"
16+ "ecosystem" : " Go"
17+ },
18+ "ranges" : [
19+ {
20+ "type" : " SEMVER"
21+ "events" : [
22+ {
23+ "introduced" : " 0"
24+ }
25+ ]
26+ }
27+ ],
28+ "ecosystem_specific" : {}
29+ },
30+ {
31+ "package" : {
32+ "name" : " github.com/argoproj/argo-workflows/v2"
33+ "ecosystem" : " Go"
34+ },
35+ "ranges" : [
36+ {
37+ "type" : " SEMVER"
38+ "events" : [
39+ {
40+ "introduced" : " 0"
41+ }
42+ ]
43+ }
44+ ],
45+ "ecosystem_specific" : {}
46+ },
47+ {
48+ "package" : {
49+ "name" : " github.com/argoproj/argo-workflows/v3"
50+ "ecosystem" : " Go"
51+ },
52+ "ranges" : [
53+ {
54+ "type" : " SEMVER"
55+ "events" : [
56+ {
57+ "introduced" : " 3.6.0-rc1"
58+ },
59+ {
60+ "fixed" : " 3.6.0-rc2"
61+ }
62+ ]
63+ }
64+ ],
65+ "ecosystem_specific" : {}
66+ }
67+ ],
68+ "references" : [
69+ {
70+ "type" : " ADVISORY"
71+ "url" : " https://github.com/argoproj/argo-workflows/security/advisories/GHSA-ghjw-32xw-ffwr"
72+ },
73+ {
74+ "type" : " ADVISORY"
75+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2024-47827"
76+ },
77+ {
78+ "type" : " FIX"
79+ "url" : " https://github.com/argoproj/argo-workflows/commit/524406451f4dfa57bf3371fb85becdb56a2b309a"
80+ },
81+ {
82+ "type" : " FIX"
83+ "url" : " https://github.com/argoproj/argo-workflows/pull/13641"
84+ },
85+ {
86+ "type" : " WEB"
87+ "url" : " https://github.com/argoproj/argo-workflows/blob/ce7f9bfb9b45f009b3e85fabe5e6410de23c7c5f/workflow/metrics/metrics_k8s_request.go#L75"
88+ }
89+ ],
90+ "database_specific" : {
91+ "url" : " https://pkg.go.dev/vuln/GO-2024-3226"
92+ "review_status" : " UNREVIEWED"
93+ }
94+ }
Original file line number Diff line number Diff line change 1+ id : GO-2024-3226
2+ modules :
3+ - module : github.com/argoproj/argo-workflows
4+ vulnerable_at : 0.4.7
5+ - module : github.com/argoproj/argo-workflows/v2
6+ vulnerable_at : 2.12.13
7+ - module : github.com/argoproj/argo-workflows/v3
8+ versions :
9+ - introduced : 3.6.0-rc1
10+ - fixed : 3.6.0-rc2
11+ vulnerable_at : 3.6.0-rc1
12+ summary : ' Argo Workflows Controller: Denial of Service via malicious daemon Workflows in github.com/argoproj/argo-workflows'
13+ cves :
14+ - CVE-2024-47827
15+ ghsas :
16+ - GHSA-ghjw-32xw-ffwr
17+ references :
18+ - advisory : https://github.com/argoproj/argo-workflows/security/advisories/GHSA-ghjw-32xw-ffwr
19+ - advisory : https://nvd.nist.gov/vuln/detail/CVE-2024-47827
20+ - fix : https://github.com/argoproj/argo-workflows/commit/524406451f4dfa57bf3371fb85becdb56a2b309a
21+ - fix : https://github.com/argoproj/argo-workflows/pull/13641
22+ - web : https://github.com/argoproj/argo-workflows/blob/ce7f9bfb9b45f009b3e85fabe5e6410de23c7c5f/workflow/metrics/metrics_k8s_request.go#L75
23+ source :
24+ id : GHSA-ghjw-32xw-ffwr
25+ created : 2024-10-28T20:42:52.577727909Z
26+ review_status : UNREVIEWED
You can’t perform that action at this time.
0 commit comments