{"id":"CVE-2022-25856","details":"The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link or an implicit directory name such as ...","aliases":["GHSA-qpgx-64h2-gc3c","GO-2022-0492"],"modified":"2026-04-10T04:46:15.087238Z","published":"2022-06-17T20:15:10.607Z","related":["SNYK-GOLANG-GITHUBCOMARGOPROJARGOEVENTSSENSORSARTIFACTS-2864522"],"references":[{"type":"REPORT","url":"https://github.com/argoproj/argo-events/issues/1947"},{"type":"FIX","url":"https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJARGOEVENTSSENSORSARTIFACTS-2864522"},{"type":"FIX","url":"https://github.com/argoproj/argo-events/commit/d0f66dbce78bc31923ca057b20fc722aa24ca961"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/argoproj/argo-events","events":[{"introduced":"0"},{"fixed":"a98978a38dfc90299dc805089716ecba8374461a"},{"fixed":"d0f66dbce78bc31923ca057b20fc722aa24ca961"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.7.1"}]}}],"versions":["v.0.9","v0.10","v0.11","v0.12","v0.12-rc","v0.13.0","v0.13.0-rc","v0.14.0","v0.15.0","v0.16.0","v0.17.0","v0.5","v0.5-alpha1","v0.5-beta1","v0.6","v0.7","v0.8","v0.8.1","v0.8.2","v0.8.3","v0.9.1","v0.9.2","v0.9.3","v1.7.0","v1.7.0-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25856.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}