CVE-2022-31054— Uses of deprecated API can be used to cause DoS in user-facing endpoints in Argo Events
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-31054
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Uses of deprecated API can be used to cause DoS in user-facing endpoints in Argo Events
Source: NVD (National Vulnerability Database)
Vulnerability Description
Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several `HandleRoute` endpoints make use of the deprecated `ioutil.ReadAll()`. `ioutil.ReadAll()` reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server will be able to crash it and cause denial of service. A patch for this vulnerability has been released in Argo Events version 1.7.1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Argo 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Argo是一款开源的容器本机工作流引擎。 Kubernetes Argo Events 1.7.1 之前版本存在缓冲区错误漏洞,该漏洞源于 ioutil.ReadAll() 会将所有数据读入内存,攻击者利用该漏洞可以向 Argo Events 服务器发送大量请求使其崩溃并导致拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| argoproj | argo-events | < 1.7.1 | - |
II. Public POCs for CVE-2022-31054
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-31054
请登录查看更多情报信息。
- https://github.com/argoproj/argo-events/issues/1946x_refsource_MISC
- https://github.com/argoproj/argo-events/pull/1966x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2022-31054
IV. Related Vulnerabilities
Same vendor: argoproj
- CVE-2026-42296
Argo Workflows has incomplete fix for CVE-2026-31892: hostNe - CVE-2026-42295
Argo Workflows: Exposure of artifact repository credentials - CVE-2026-42294
Argo Workflows: Unauthenticated Memory Exhaustion (DoS) in W - CVE-2026-42183
Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference - CVE-2026-42297
Argo Workflows Is Missing Authorization in Sync ConfigMap Pr
Same weakness: CWE-400
- CVE-2026-8187
Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption - CVE-2026-42343
FastGPT: Uncontrolled Resource Consumption leading to Sandbo - CVE-2026-42212
SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-lau - CVE-2026-32686
Unbounded exponent in decimal enables unauthenticated DoS - CVE-2026-20188
Cisco Crosswork Network Controller and Cisco Network Service
V. Comments for CVE-2022-31054
No comments yet