Vulnerability Information
Vulnerability Title
Argo Workflows: Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor
Vulnerability Description
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the /api/v1/events/ endpoint, which is publicly accessible (albeit intended for webhooks). An attacker can send a request with an extremely large body (e.g., multiple gigabytes), causing the Argo Server to allocate excessive memory, potentially leading to an Out-Of-Memory (OOM) crash and denial of service. This issue has been patched in versions 3.7.14 and 4.0.5.
CVSS Information
N/A
Vulnerability Type
Allocation of Resources Without Limits or Throttling
Vulnerability Title
Argo Workflows Security Vulnerability
Vulnerability Description
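Argo Workflows is an open source container-native workflow engine for Kubernetes from the Argo project. Argo Workflows versions prior to 3.7.14 and prior to 4.0.5 contain a security vulnerability. It stems from the Webhook Interceptor loading the entire request body into memory before verifying the request or its signature, which may allow an attacker to send an oversized request body and cause memory exhaustion and denial of service.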
CVSS Information
N/A
Vulnerability Type
N/A
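The defensive pattern both descriptions above point to, as an added Go example (not Argo Workflows code and not its actual patch): refuse requests without a well-formed signature header before touching the body, and wrap the body in `http.MaxBytesReader` so the read fails at a fixed cap instead of growing with the request. The `X-Signature` header, the 1 MiB cap, the demo secret, the `/demo` path suffix and all function names are assumptions; the sample requests are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

const maxBody = 1 << 20                        // assumed cap (1 MiB), not a value from the advisory
var secret = []byte("constructed-demo-secret") // constructed sample key

// sign returns the lowercase hex HMAC-SHA256 of body under the demo secret.
func sign(body []byte) string {
	m := hmac.New(sha256.New, secret)
	m.Write(body)
	return hex.EncodeToString(m.Sum(nil))
}

// check returns the status a webhook handler should answer with and then stop.
func check(w http.ResponseWriter, r *http.Request) int {
	got := r.Header.Get("X-Signature") // hypothetical header name
	if len(got) != hex.EncodedLen(sha256.Size) {
		return http.StatusUnauthorized // rejected with zero body bytes read
	}
	body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, maxBody)) // errors past the cap
	if err != nil {
		return http.StatusRequestEntityTooLarge // over the cap (or unreadable)
	}
	if !hmac.Equal([]byte(got), []byte(sign(body))) {
		return http.StatusUnauthorized
	}
	return http.StatusOK
}

// status builds one constructed POST to the events endpoint and runs check on it.
func status(body, sig string) int {
	req := httptest.NewRequest(http.MethodPost, "/api/v1/events/demo", strings.NewReader(body))
	req.Header.Set("X-Signature", sig)
	return check(httptest.NewRecorder(), req)
}

func main() { // valid, unsigned, oversized
	fmt.Println(status("{}", sign([]byte("{}"))), status("{}", ""), status(strings.Repeat("A", maxBody+1), sign(nil)))
}
```

Memory use per request is bounded by the cap even for a correctly signed oversized body, because the read fails before the signature is ever computed.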