CNNVD-202510-010 Information
CNNVD ID
CNNVD-202510-010
Related CVE
- CNNVD Published: 2025-10-01
Description
Argo CD is a declarative GitOps continuous delivery tool for Kubernetes, open-sourced by Argo. Argo CD has a vulnerability caused by a missing check on JSON array length, which can lead to a denial-of-service attack. The following versions are affected: 2.9.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.6, and 3.0.17.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Argo
Published
2025-10-01
Last Modified
2026-02-24
References
https://github.com/argoproj/argo-cd/commit/1a023f1ca7fe4ec942b4b6696804988d5a632baf
https://github.com/argoproj/argo-cd/security/advisories/GHSA-gpx4-37g2-c8pv
Patch
https://argo-cd.readthedocs.io/en/stable/