GO-2022-0492

Source

https://pkg.go.dev/vuln/GO-2022-0492

Import Source

https://vuln.go.dev/ID/GO-2022-0492.json

Aliases

CVE-2022-25856
GHSA-qpgx-64h2-gc3c
SNYK-GOLANG-GITHUBCOMARGOPROJARGOEVENTSSENSORSARTIFACTS-2864522

Published

2022-07-15T23:30:03Z

Modified

2023-11-08T04:08:49.505686Z

Details

GitArtifactReader is vulnerable to directory traversal attacks.

The GitArtifactReader.Read function reads and returns the contents of a Git repository file. A maliciously crafted repository can exploit this to cause Read to read from arbitrary files on the filesystem.

References

Affected packages

Go / github.com/argoproj/argo-events

Package

Name: github.com/argoproj/argo-events

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.7.1

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/argoproj/argo-events/sensors/artifacts",
            "symbols": [
                "GetArtifactReader",
                "NewGitReader"
            ]
        }
    ]
}