CVE-2022-31054

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-31054

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31054.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-31054

Aliases

Related

GHSA-5q86-62xr-3r57

Published

2022-06-13T20:15:07Z

Modified

2025-01-15T02:21:33.287385Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several HandleRoute endpoints make use of the deprecated ioutil.ReadAll(). ioutil.ReadAll() reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server will be able to crash it and cause denial of service. A patch for this vulnerability has been released in Argo Events version 1.7.1.

References

Affected packages

Git / github.com/argoproj/argo-events

Affected ranges

Type: GIT
Repo: https://github.com/argoproj/argo-events
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

eaabcb6d65022fc34a0cc9ea7f00681abd326b35

Fixed

eaabcb6d65022fc34a0cc9ea7f00681abd326b35

Affected versions

v.*

v.0.9

v0.*

v0.10

v0.11

v0.12

v0.12-rc

v0.13.0

v0.13.0-rc

v0.14.0

v0.15.0

v0.16.0

v0.17.0

v0.5

v0.5-alpha1

v0.5-beta1

v0.6

v0.7

v0.8

v0.8.1

v0.8.2

v0.8.3

v0.9.1

v0.9.2

v0.9.3

v1.*

v1.7.0

v1.7.0-rc1