CNNVD-202512-1099 Information
CNNVD ID
CNNVD-202512-1099
Related CVE
-
CNNVD Published
2025-12-09
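Description (translated from Chinese)
Argo Workflows is an open-source, container-native workflow engine for Kubernetes from the Argo project. Argo Workflows 3.6.13 and earlier, and versions 3.7.0 through 3.7.4, contain an operating system command injection vulnerability. The vulnerability stems from improper handling of symbolic links and may lead to arbitrary code execution.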
Description (English)
Argo Workflows is the Argo project's open-source, container-native workflow engine for Kubernetes. Versions 3.6.13 and earlier, and 3.7.0 to 3.7.4, are affected by an OS command injection vulnerability caused by improper symbolic link handling, which could lead to arbitrary code execution.
Hazard Level
Medium
Vulnerability Type
Operating system command injection
Affected Vendor
Argo
Published
2025-12-09
Last Modified
2026-02-24
References
- https://github.com/advisories/GHSA-p84v-gxvw-73pf
- https://github.com/argoproj/argo-workflows/blob/5291e0b01f94ba864f96f795bb500f2cfc5ad799/workflow/executor/executor.go#L1034-L1037
- https://github.com/argoproj/argo-workflows/commit/6b92af23f35aed4d4de8b04adcaf19d68f006de1
- https://github.com/argoproj/argo-workflows/security/advisories/GHSA-xrqc-7xgx-c9vh
Patch
https://argo-workflows.readthedocs.io/en/stable/