CNNVD-202510-1987 Information
CNNVD ID
CNNVD-202510-1987
Related CVE
- CNNVD Published: 2025-10-14
Description (Chinese)
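Argo Workflows is an open-source, container-native workflow engine for Kubernetes from the Argo project. Argo Workflows versions before 3.6.12 and versions 3.7.0 through 3.7.2 contain a path traversal vulnerability. The vulnerability stems from a Zip Slip path traversal flaw in artifact extraction and may lead to arbitrary file creation or overwrite.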
Description (English)
Argo Workflows is an open-source, container-native workflow engine for Kubernetes, part of the Argo project. Argo Workflows versions before 3.6.12 and versions 3.7.0 through 3.7.2 are affected by a path traversal vulnerability: a Zip Slip flaw in artifact extraction that may allow arbitrary files to be created or overwritten.
Hazard Level
High
Vulnerability Type
Path Traversal
Affected Vendor
Argo
Published
2025-10-14
Last Modified
2026-02-24
References
https://github.com/argoproj/argo-workflows/blob/946a2d6b9ac3309371fe47f49ae94c33ca7d488d/workflow/executor/executor.go#L993
https://github.com/argoproj/argo-workflows/commit/5659ad9b641fcf52c04ed594cd6493f9170f6011
https://github.com/argoproj/argo-workflows/commit/9f6bc5d236cd1b24d607943384511d71ad17a4c3
https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p84v-gxvw-73pf