Workflow re-write vulnerability using input parameter

Moderate severity GitHub Reviewed Published Aug 4, 2021 in argoproj/argo-workflows • Updated Feb 1, 2023

Package

gomod github.com/argoproj/argo-workflows/v3 (Go)

Affected versions

>= 3.1.0, < 3.1.6

Patched versions

3.1.6

Description

Impact

  • Affects installations that allow end-users to set input parameters, but otherwise expect workflows to be secure.

Patches

Not yet.

Workarounds

  • Set EXPRESSION_TEMPLATES=false for the workflow controller
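
An added example, not part of the advisory or of Argo Workflows: a Python check that classifies controller Deployments against the affected range and the EXPRESSION_TEMPLATES workaround stated above. The sample JSON, deployment names, container name and image paths are constructed assumptions, and an unset variable is treated as "workaround not applied".

```python
import json
import re

AFFECTED_MIN = (3, 1, 0)  # advisory: affected versions >= 3.1.0
PATCHED = (3, 1, 6)       # advisory: patched version 3.1.6

# Constructed sample in the shape of `kubectl get deployments -o json`;
# deployment, container and image names are assumptions, not from the advisory.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "controller-a"}, "spec": {"template": {"spec": {"containers": [
   {"name": "workflow-controller", "image": "example.invalid/workflow-controller:v3.1.2"}]}}}},
 {"metadata": {"name": "controller-b"}, "spec": {"template": {"spec": {"containers": [
   {"name": "workflow-controller", "image": "example.invalid/workflow-controller:v3.1.2",
    "env": [{"name": "EXPRESSION_TEMPLATES", "value": "false"}]}]}}}},
 {"metadata": {"name": "controller-c"}, "spec": {"template": {"spec": {"containers": [
   {"name": "workflow-controller", "image": "example.invalid/workflow-controller:v3.1.6"}]}}}},
 {"metadata": {"name": "controller-d"}, "spec": {"template": {"spec": {"containers": [
   {"name": "workflow-controller", "image": "example.invalid/workflow-controller:latest"}]}}}}
]}
""")


def parse_version(image):
    """Return (major, minor, patch) for a plain ':vX.Y.Z' tag, else None."""
    m = re.search(r":v?(\d+)\.(\d+)\.(\d+)$", image)
    return tuple(int(p) for p in m.groups()) if m else None


def assess(deployment):
    """Classify each container of one Deployment against the advisory."""
    results = {}
    for c in deployment["spec"]["template"]["spec"]["containers"]:
        version = parse_version(c.get("image", ""))
        env = {e["name"]: e.get("value") for e in c.get("env", [])}
        workaround = env.get("EXPRESSION_TEMPLATES") == "false"
        if version is None:
            status = "unknown-version"  # digest, 'latest', pre-release: check by hand
        elif AFFECTED_MIN <= version < PATCHED:
            status = "workaround-applied" if workaround else "affected"
        else:
            status = "outside-affected-range"
        results[c["name"]] = status
    return results


if __name__ == "__main__":
    for d in SAMPLE["items"]:
        print(d["metadata"]["name"], assess(d))
```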

References

For more information

If you have any questions or comments about this advisory:

Published by the National Vulnerability Database Aug 3, 2021
@alexec published to argoproj/argo-workflows Aug 4, 2021
Reviewed Aug 4, 2021
Published to the GitHub Advisory Database Aug 9, 2021
Last updated Feb 1, 2023

Severity

Moderate

EPSS score

0.091%
(40th percentile)

Weaknesses

CVE ID

CVE-2021-37914

GHSA ID

GHSA-h563-xh25-x54q

Source code

github.com/argoproj/argo-workflows/v3