CVE-2022-31054

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-31054

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31054.json

Aliases

GHSA-5q86-62xr-3r57

Published

2022-06-13T20:15:07Z

Modified

2023-11-29T09:41:10.911821Z

Details

Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several HandleRoute endpoints make use of the deprecated ioutil.ReadAll(). ioutil.ReadAll() reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server will be able to crash it and cause denial of service. A patch for this vulnerability has been released in Argo Events version 1.7.1.

References

Affected packages

Git / github.com/argoproj/argo-events

Affected ranges

Type: GIT
Repo: https://github.com/argoproj/argo-events
Events: Introduced

0The exact introduced commit is unknown

Fixed

eaabcb6d65022fc34a0cc9ea7f00681abd326b35

Affected versions

v.*

v.0.9

v0.*

v0.10

v0.11

v0.12

v0.12-rc

v0.13.0

v0.13.0-rc

v0.14.0

v0.15.0

v0.16.0

v0.17.0

v0.5

v0.5-alpha1

v0.5-beta1

v0.6

v0.7

v0.8

v0.8.1

v0.8.2

v0.8.3

v0.9.1

v0.9.2

v0.9.3

v1.*

v1.7.0

v1.7.0-rc1