{"id":"CVE-2022-31054","summary":"Uses of deprecated API can be used to cause DoS in user-facing endpoints in Argo Events","details":"Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several `HandleRoute` endpoints make use of the deprecated `ioutil.ReadAll()`. `ioutil.ReadAll()` reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server will be able to crash it and cause denial of service. A patch for this vulnerability has been released in Argo Events version 1.7.1.","aliases":["GHSA-5q86-62xr-3r57","GO-2022-0490"],"modified":"2026-04-10T04:47:44.468084Z","published":"2022-06-13T19:40:12Z","database_specific":{"cwe_ids":["CWE-400"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31054.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31054.json"},{"type":"ADVISORY","url":"https://github.com/argoproj/argo-events/security/advisories/GHSA-5q86-62xr-3r57"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31054"},{"type":"REPORT","url":"https://github.com/argoproj/argo-events/issues/1946"},{"type":"FIX","url":"https://github.com/argoproj/argo-events/commit/eaabcb6d65022fc34a0cc9ea7f00681abd326b35"},{"type":"FIX","url":"https://github.com/argoproj/argo-events/pull/1966"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/argoproj/argo-events","events":[{"introduced":"0"},{"fixed":"a98978a38dfc90299dc805089716ecba8374461a"}]}],"versions":["v.0.9","v0.10","v0.11","v0.12","v0.12-rc","v0.13.0","v0.13.0-rc","v0.14.0","v0.15.0","v0.16.0","v0.17.0","v0.5","v0.5-alpha1","v0.5-beta1","v0.6","v0.7","v0.8","v0.8.1","v0.8.2","v0.8.3","v0.9.1","v0.9.2","v0.9.3","v1.7.0","v1.7.0-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31054.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}