CVE-2022-25856

Summary

The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link or an implicit directory name such as …

Affected Software

VendorProductVersion RangeStatus
n/agithub.com/argoproj/argo-events/sensors/artifactsunspecified < 1.7.1affected

Weaknesses

  • Directory Traversal

ADP Enrichment

CVE Program Container

Additional References

References