marcel/argo-cd
1
0
Fork 0
mirror of https://github.com/argoproj/argo-cd.git synced 2026-02-20 01:28:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

[Bot] docs: Update Snyk report (#26033)

Browse Source 
Signed-off-by: CI <ci@argoproj.com>
Co-authored-by: CI <ci@argoproj.com>
This commit is contained in:
github-actions[bot]
2026-01-18 06:31:36 +00:00
committed by GitHub
parent 82597111a1
commit bfbb88e5fe
38 changed files with 3736 additions and 7859 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
docs/snyk/index.md
View File

@@ -14,11 +14,11 @@ recent minor releases.
| | Critical | High | Medium | Low |
|---:|:--------:|:----:|:------:|:---:|
| [go.mod](master/argocd-test.html) | 0 | 0 | 0 | 0 |
| [ui/yarn.lock](master/argocd-test.html) | 0 | 1 | 1 | 2 |
| [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 1 | 2 |
| [dex:v2.43.0](master/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 5 |
| [haproxy:3.0.8-alpine](master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 5 |
| [redis:8.2.3-alpine](master/public.ecr.aws_docker_library_redis_8.2.3-alpine.html) | 0 | 0 | 0 | 2 |
| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 6 | 5 |
| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 8 | 8 |
| [install.yaml](master/argocd-iac-install.html) | - | - | - | - |
| [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - |
@@ -26,8 +26,8 @@ recent minor releases.
| | Critical | High | Medium | Low |
|---:|:--------:|:----:|:------:|:---:|
| [go.mod](v3.3.0-rc3/argocd-test.html) | 0 | 1 | 0 | 0 |
| [ui/yarn.lock](v3.3.0-rc3/argocd-test.html) | 0 | 2 | 1 | 2 |
| [go.mod](v3.3.0-rc3/argocd-test.html) | 0 | 0 | 0 | 0 |
| [ui/yarn.lock](v3.3.0-rc3/argocd-test.html) | 0 | 1 | 1 | 2 |
| [dex:v2.43.0](v3.3.0-rc3/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 5 |
| [haproxy:3.0.8-alpine](v3.3.0-rc3/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 5 |
| [redis:8.2.3-alpine](v3.3.0-rc3/public.ecr.aws_docker_library_redis_8.2.3-alpine.html) | 0 | 0 | 0 | 2 |
@@ -35,42 +35,42 @@ recent minor releases.
| [install.yaml](v3.3.0-rc3/argocd-iac-install.html) | - | - | - | - |
| [namespace-install.yaml](v3.3.0-rc3/argocd-iac-namespace-install.html) | - | - | - | - |
### v3.2.3
### v3.2.5
| | Critical | High | Medium | Low |
|---:|:--------:|:----:|:------:|:---:|
| [go.mod](v3.2.3/argocd-test.html) | 0 | 1 | 0 | 0 |
| [ui/yarn.lock](v3.2.3/argocd-test.html) | 0 | 2 | 3 | 2 |
| [dex:v2.43.0](v3.2.3/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 5 |
| [haproxy:3.0.8-alpine](v3.2.3/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 5 |
| [redis:8.2.2-alpine](v3.2.3/public.ecr.aws_docker_library_redis_8.2.2-alpine.html) | 0 | 0 | 0 | 2 |
| [argocd:v3.2.3](v3.2.3/quay.io_argoproj_argocd_v3.2.3.html) | 0 | 1 | 6 | 11 |
| [install.yaml](v3.2.3/argocd-iac-install.html) | - | - | - | - |
| [namespace-install.yaml](v3.2.3/argocd-iac-namespace-install.html) | - | - | - | - |
| [go.mod](v3.2.5/argocd-test.html) | 0 | 0 | 0 | 0 |
| [ui/yarn.lock](v3.2.5/argocd-test.html) | 0 | 1 | 3 | 2 |
| [dex:v2.43.0](v3.2.5/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 5 |
| [haproxy:3.0.8-alpine](v3.2.5/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 5 |
| [redis:8.2.2-alpine](v3.2.5/public.ecr.aws_docker_library_redis_8.2.2-alpine.html) | 0 | 0 | 0 | 2 |
| [argocd:v3.2.5](v3.2.5/quay.io_argoproj_argocd_v3.2.5.html) | 0 | 0 | 6 | 11 |
| [install.yaml](v3.2.5/argocd-iac-install.html) | - | - | - | - |
| [namespace-install.yaml](v3.2.5/argocd-iac-namespace-install.html) | - | - | - | - |
### v3.1.10
### v3.1.11
| | Critical | High | Medium | Low |
|---:|:--------:|:----:|:------:|:---:|
| [go.mod](v3.1.10/argocd-test.html) | 0 | 1 | 0 | 0 |
| [ui/yarn.lock](v3.1.10/argocd-test.html) | 1 | 2 | 3 | 2 |
| [dex:v2.43.0](v3.1.10/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 5 |
| [haproxy:3.0.8-alpine](v3.1.10/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 5 |
| [redis:7.2.11-alpine](v3.1.10/public.ecr.aws_docker_library_redis_7.2.11-alpine.html) | 0 | 0 | 0 | 2 |
| [argocd:v3.1.10](v3.1.10/quay.io_argoproj_argocd_v3.1.10.html) | 0 | 1 | 4 | 15 |
| [install.yaml](v3.1.10/argocd-iac-install.html) | - | - | - | - |
| [namespace-install.yaml](v3.1.10/argocd-iac-namespace-install.html) | - | - | - | - |
| [go.mod](v3.1.11/argocd-test.html) | 0 | 0 | 0 | 0 |
| [ui/yarn.lock](v3.1.11/argocd-test.html) | 1 | 1 | 3 | 2 |
| [dex:v2.43.0](v3.1.11/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 5 |
| [haproxy:3.0.8-alpine](v3.1.11/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 5 |
| [redis:7.2.11-alpine](v3.1.11/public.ecr.aws_docker_library_redis_7.2.11-alpine.html) | 0 | 0 | 0 | 2 |
| [argocd:v3.1.11](v3.1.11/quay.io_argoproj_argocd_v3.1.11.html) | 0 | 0 | 7 | 15 |
| [install.yaml](v3.1.11/argocd-iac-install.html) | - | - | - | - |
| [namespace-install.yaml](v3.1.11/argocd-iac-namespace-install.html) | - | - | - | - |
### v3.0.21
### v3.0.22
| | Critical | High | Medium | Low |
|---:|:--------:|:----:|:------:|:---:|
| [go.mod](v3.0.21/argocd-test.html) | 0 | 4 | 0 | 0 |
| [ui/yarn.lock](v3.0.21/argocd-test.html) | 1 | 3 | 4 | 4 |
| [dex:v2.41.1](v3.0.21/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 2 | 0 | 8 |
| [haproxy:3.0.8-alpine](v3.0.21/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 5 |
| [redis:7.2.11-alpine](v3.0.21/public.ecr.aws_docker_library_redis_7.2.11-alpine.html) | 0 | 0 | 0 | 2 |
| [argocd:v3.0.21](v3.0.21/quay.io_argoproj_argocd_v3.0.21.html) | 0 | 1 | 4 | 15 |
| [redis:7.2.11-alpine](v3.0.21/redis_7.2.11-alpine.html) | 0 | 0 | 0 | 2 |
| [install.yaml](v3.0.21/argocd-iac-install.html) | - | - | - | - |
| [namespace-install.yaml](v3.0.21/argocd-iac-namespace-install.html) | - | - | - | - |
| [go.mod](v3.0.22/argocd-test.html) | 0 | 0 | 0 | 0 |
| [ui/yarn.lock](v3.0.22/argocd-test.html) | 1 | 2 | 4 | 4 |
| [dex:v2.41.1](v3.0.22/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 2 | 0 | 8 |
| [haproxy:3.0.8-alpine](v3.0.22/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 5 |
| [redis:7.2.11-alpine](v3.0.22/public.ecr.aws_docker_library_redis_7.2.11-alpine.html) | 0 | 0 | 0 | 2 |
| [argocd:v3.0.22](v3.0.22/quay.io_argoproj_argocd_v3.0.22.html) | 0 | 0 | 7 | 15 |
| [redis:7.2.11-alpine](v3.0.22/redis_7.2.11-alpine.html) | 0 | 0 | 0 | 2 |
| [install.yaml](v3.0.22/argocd-iac-install.html) | - | - | - | - |
| [namespace-install.yaml](v3.0.22/argocd-iac-namespace-install.html) | - | - | - | - |

90
docs/snyk/master/argocd-iac-install.html
View File

@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:28:26 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:27:35 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
@@ -507,7 +507,7 @@
</li>
<li class="card__meta__item">
Line number: 30936
Line number: 30946
</li>
</ul>
@@ -553,7 +553,7 @@
</li>
<li class="card__meta__item">
Line number: 30621
Line number: 30631
</li>
</ul>
@@ -599,7 +599,7 @@
</li>
<li class="card__meta__item">
Line number: 30709
Line number: 30719
</li>
</ul>
@@ -645,7 +645,7 @@
</li>
<li class="card__meta__item">
Line number: 30744
Line number: 30754
</li>
</ul>
@@ -691,7 +691,7 @@
</li>
<li class="card__meta__item">
Line number: 30774
Line number: 30784
</li>
</ul>
@@ -737,7 +737,7 @@
</li>
<li class="card__meta__item">
Line number: 30792
Line number: 30802
</li>
</ul>
@@ -783,7 +783,7 @@
</li>
<li class="card__meta__item">
Line number: 30810
Line number: 30820
</li>
</ul>
@@ -829,7 +829,7 @@
</li>
<li class="card__meta__item">
Line number: 30832
Line number: 30842
</li>
</ul>
@@ -881,7 +881,7 @@
</li>
<li class="card__meta__item">
Line number: 32039
Line number: 32049
</li>
</ul>
@@ -933,7 +933,7 @@
</li>
<li class="card__meta__item">
Line number: 32382
Line number: 32392
</li>
</ul>
@@ -991,7 +991,7 @@
</li>
<li class="card__meta__item">
Line number: 31519
Line number: 31529
</li>
</ul>
@@ -1049,7 +1049,7 @@
</li>
<li class="card__meta__item">
Line number: 31835
Line number: 31845
</li>
</ul>
@@ -1107,7 +1107,7 @@
</li>
<li class="card__meta__item">
Line number: 31783
Line number: 31793
</li>
</ul>
@@ -1165,7 +1165,7 @@
</li>
<li class="card__meta__item">
Line number: 31897
Line number: 31907
</li>
</ul>
@@ -1223,7 +1223,7 @@
</li>
<li class="card__meta__item">
Line number: 32010
Line number: 32020
</li>
</ul>
@@ -1281,7 +1281,7 @@
</li>
<li class="card__meta__item">
Line number: 32034
Line number: 32044
</li>
</ul>
@@ -1339,7 +1339,7 @@
</li>
<li class="card__meta__item">
Line number: 32382
Line number: 32392
</li>
</ul>
@@ -1397,7 +1397,7 @@
</li>
<li class="card__meta__item">
Line number: 32093
Line number: 32103
</li>
</ul>
@@ -1455,7 +1455,7 @@
</li>
<li class="card__meta__item">
Line number: 32470
Line number: 32480
</li>
</ul>
@@ -1513,7 +1513,7 @@
</li>
<li class="card__meta__item">
Line number: 32880
Line number: 32890
</li>
</ul>
@@ -1565,7 +1565,7 @@
</li>
<li class="card__meta__item">
Line number: 31815
Line number: 31825
</li>
</ul>
@@ -1617,7 +1617,7 @@
</li>
<li class="card__meta__item">
Line number: 31519
Line number: 31529
</li>
</ul>
@@ -1669,7 +1669,7 @@
</li>
<li class="card__meta__item">
Line number: 31783
Line number: 31793
</li>
</ul>
@@ -1721,7 +1721,7 @@
</li>
<li class="card__meta__item">
Line number: 32010
Line number: 32020
</li>
</ul>
@@ -1779,7 +1779,7 @@
</li>
<li class="card__meta__item">
Line number: 31519
Line number: 31529
</li>
</ul>
@@ -1837,7 +1837,7 @@
</li>
<li class="card__meta__item">
Line number: 31783
Line number: 31793
</li>
</ul>
@@ -1895,7 +1895,7 @@
</li>
<li class="card__meta__item">
Line number: 31835
Line number: 31845
</li>
</ul>
@@ -1953,7 +1953,7 @@
</li>
<li class="card__meta__item">
Line number: 31897
Line number: 31907
</li>
</ul>
@@ -2011,7 +2011,7 @@
</li>
<li class="card__meta__item">
Line number: 32010
Line number: 32020
</li>
</ul>
@@ -2069,7 +2069,7 @@
</li>
<li class="card__meta__item">
Line number: 32034
Line number: 32044
</li>
</ul>
@@ -2127,7 +2127,7 @@
</li>
<li class="card__meta__item">
Line number: 32382
Line number: 32392
</li>
</ul>
@@ -2185,7 +2185,7 @@
</li>
<li class="card__meta__item">
Line number: 32093
Line number: 32103
</li>
</ul>
@@ -2243,7 +2243,7 @@
</li>
<li class="card__meta__item">
Line number: 32470
Line number: 32480
</li>
</ul>
@@ -2301,7 +2301,7 @@
</li>
<li class="card__meta__item">
Line number: 32880
Line number: 32890
</li>
</ul>
@@ -2357,7 +2357,7 @@
</li>
<li class="card__meta__item">
Line number: 31696
Line number: 31706
</li>
</ul>
@@ -2413,7 +2413,7 @@
</li>
<li class="card__meta__item">
Line number: 31843
Line number: 31853
</li>
</ul>
@@ -2469,7 +2469,7 @@
</li>
<li class="card__meta__item">
Line number: 31818
Line number: 31828
</li>
</ul>
@@ -2525,7 +2525,7 @@
</li>
<li class="card__meta__item">
Line number: 31942
Line number: 31952
</li>
</ul>
@@ -2581,7 +2581,7 @@
</li>
<li class="card__meta__item">
Line number: 32027
Line number: 32037
</li>
</ul>
@@ -2637,7 +2637,7 @@
</li>
<li class="card__meta__item">
Line number: 32041
Line number: 32051
</li>
</ul>
@@ -2693,7 +2693,7 @@
</li>
<li class="card__meta__item">
Line number: 32390
Line number: 32400
</li>
</ul>
@@ -2749,7 +2749,7 @@
</li>
<li class="card__meta__item">
Line number: 32355
Line number: 32365
</li>
</ul>
@@ -2805,7 +2805,7 @@
</li>
<li class="card__meta__item">
Line number: 32779
Line number: 32789
</li>
</ul>
@@ -2861,7 +2861,7 @@
</li>
<li class="card__meta__item">
Line number: 33155
Line number: 33165
</li>
</ul>

2
docs/snyk/master/argocd-iac-namespace-install.html
View File

@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:28:37 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:27:45 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

109
docs/snyk/master/argocd-test.html
View File

@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="4 known vulnerabilities found in 9 vulnerable dependency paths.">
<meta name="description" content="3 known vulnerabilities found in 6 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,12 +492,11 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:25:59 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:25:09 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
<ul>
<li class="paths">/argo-cd/argoproj/argo-cd/v3/go.mod (gomodules)</li>
<li class="paths">/argo-cd/argoproj/gitops-engine/gitops-engine/go.mod (gomodules)</li>
<li class="paths">/argo-cd/argoproj/argo-cd/get-previous-release/hack/get-previous-release/go.mod (gomodules)</li>
<li class="paths">/argo-cd/ui/yarn.lock (yarn)</li>
@@ -505,9 +504,9 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>4</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>9 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2882</span> <span>dependencies</span></div>
<div class="meta-count"><span>3</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>6 vulnerable dependency paths</span></div>
<div class="meta-count"><span>1016</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
</header><!-- .project__header -->
@@ -515,104 +514,6 @@
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Open Redirect</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: /argo-cd <span class="list-paths__item__arrow"></span> ui/yarn.lock
</li>
<li class="card__meta__item">
Package Manager: npm
</li>
<li class="card__meta__item">
Vulnerable module:
react-router
</li>
<li class="card__meta__item">Introduced through:
argo-cd-ui@1.0.0 and react-router@4.3.1
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
argo-cd-ui@1.0.0
<span class="list-paths__item__arrow"></span>
react-router@4.3.1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
argo-cd-ui@1.0.0
<span class="list-paths__item__arrow"></span>
react-router-dom@4.3.1
<span class="list-paths__item__arrow"></span>
react-router@4.3.1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
argo-cd-ui@1.0.0
<span class="list-paths__item__arrow"></span>
argo-ui@1.0.0
<span class="list-paths__item__arrow"></span>
react-router-dom@4.3.1
<span class="list-paths__item__arrow"></span>
react-router@4.3.1
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p>Affected versions of this package are vulnerable to Open Redirect via the <code>resolvePath()</code> function when used with <code>navigate</code>, <code>&lt;Link&gt;</code>, or <code>redirect</code>. An attacker can cause the application to redirect users to external, potentially malicious URLs by supplying crafted paths. </p>
<p><strong>Note:</strong></p>
<p>This is only exploitable if untrusted content is passed into navigation paths in the application code.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>react-router</code> to version 6.30.2, 7.9.6 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/remix-run/react-router/commit/02e65a55daa6f9c0aa88d0de8732330e0b449dad">GitHub Commit</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-JS-REACTROUTER-14908286">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
<div class="card__section">

2
docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:26:11 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:25:20 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>

2
docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:26:18 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:25:25 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

2
docs/snyk/master/public.ecr.aws_docker_library_redis_8.2.3-alpine.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:26:25 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:25:32 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

587
docs/snyk/master/quay.io_argoproj_argocd_latest.html
View File

@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="11 known vulnerabilities found in 32 vulnerable dependency paths.">
<meta name="description" content="16 known vulnerabilities found in 54 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:26:47 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:25:54 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -506,9 +506,9 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>11</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>32 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2314</span> <span>dependencies</span></div>
<div class="meta-count"><span>16</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>54 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2318</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
</header><!-- .project__header -->
@@ -886,6 +886,134 @@
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2510-PAM-13641242">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Improper Verification of Cryptographic Signature</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow"></span> Dockerfile
</li>
<li class="card__meta__item">
Package Manager: ubuntu:25.10
</li>
<li class="card__meta__item">
Vulnerable module:
gnupg2/gpgv
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest and gnupg2/gpgv@2.4.8-2ubuntu2.1
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
gnupg2/gpgv@2.4.8-2ubuntu2.1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
apt@3.1.6ubuntu2
<span class="list-paths__item__arrow"></span>
gnupg2/gpgv@2.4.8-2ubuntu2.1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
gnupg2/gpg@2.4.8-2ubuntu2.1
<span class="list-paths__item__arrow"></span>
gnupg2/gpgconf@2.4.8-2ubuntu2.1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
gnupg2/gpg-agent@2.4.8-2ubuntu2.1
<span class="list-paths__item__arrow"></span>
gnupg2/gpgconf@2.4.8-2ubuntu2.1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
gnupg2/gpg@2.4.8-2ubuntu2.1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
gnupg2/gpg-agent@2.4.8-2ubuntu2.1
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnupg2</code> package and not the <code>gnupg2</code> package as distributed by <code>Ubuntu</code>.</em>
<em>See <code>How to fix?</code> for <code>Ubuntu:25.10</code> relevant fixed versions and status.</em></p>
<p>In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an &#34;invalid armor&#34; message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:25.10</code> <code>gnupg2</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-68972">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-68972</a></li>
<li><a href="https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i">https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i</a></li>
<li><a href="https://news.ycombinator.com/item?id=46404339">https://news.ycombinator.com/item?id=46404339</a></li>
<li><a href="https://gpg.fail/formfeed">https://gpg.fail/formfeed</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2510-GNUPG2-14849571">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Improper Encoding or Escaping of Output</h2>
@@ -984,6 +1112,85 @@
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2510-GIT-14548189">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Link Following</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow"></span> Dockerfile
</li>
<li class="card__meta__item">
Package Manager: ubuntu:25.10
</li>
<li class="card__meta__item">
Vulnerable module:
git-lfs
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest and git-lfs@3.6.1-1
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
git-lfs@3.6.1-1
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git-lfs</code> package and not the <code>git-lfs</code> package as distributed by <code>Ubuntu</code>.</em>
<em>See <code>How to fix?</code> for <code>Ubuntu:25.10</code> relevant fixed versions and status.</em></p>
<p>Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository&#39;s working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links exist which collide with the paths of files tracked by Git LFS. The git lfs checkout and git lfs pull commands do not check for symbolic links before writing to files in the working tree, allowing an attacker to craft a repository containing symbolic or hard links that cause Git LFS to write to arbitrary file system locations accessible to the user running these commands. As well, when the git lfs checkout and git lfs pull commands are run in a bare repository, they could write to files visible outside the repository. The vulnerability is fixed in version 3.7.1. As a workaround, support for symlinks in Git may be disabled by setting the core.symlinks configuration option to false, after which further clones and fetches will not create symbolic links. However, any symbolic or hard links in existing repositories will still provide the opportunity for Git LFS to write to their targets.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:25.10</code> <code>git-lfs</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-26625">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-26625</a></li>
<li><a href="https://github.com/git-lfs/git-lfs/commit/0cffe93176b870055c9dadbb3cc9a4a440e98396">https://github.com/git-lfs/git-lfs/commit/0cffe93176b870055c9dadbb3cc9a4a440e98396</a></li>
<li><a href="https://github.com/git-lfs/git-lfs/commit/5c11ffce9a4f095ff356bc781e2a031abb46c1a8">https://github.com/git-lfs/git-lfs/commit/5c11ffce9a4f095ff356bc781e2a031abb46c1a8</a></li>
<li><a href="https://github.com/git-lfs/git-lfs/commit/d02bd13f02ef76f6807581cd6b34709069cb3615">https://github.com/git-lfs/git-lfs/commit/d02bd13f02ef76f6807581cd6b34709069cb3615</a></li>
<li><a href="https://github.com/git-lfs/git-lfs/releases/tag/v3.7.1">https://github.com/git-lfs/git-lfs/releases/tag/v3.7.1</a></li>
<li><a href="https://github.com/git-lfs/git-lfs/security/advisories/GHSA-6pvw-g552-53c5">https://github.com/git-lfs/git-lfs/security/advisories/GHSA-6pvw-g552-53c5</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2510-GITLFS-13653090">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Algorithmic Complexity</h2>
@@ -1221,6 +1428,142 @@
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2510-CURL-14894734">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2024-56433</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow"></span> Dockerfile
</li>
<li class="card__meta__item">
Package Manager: ubuntu:25.10
</li>
<li class="card__meta__item">
Vulnerable module:
shadow/login.defs
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest and shadow/login.defs@1:4.17.4-2ubuntu2
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
shadow/login.defs@1:4.17.4-2ubuntu2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
util-linux/login@1:4.16.0-2+really2.41-4ubuntu4.1
<span class="list-paths__item__arrow"></span>
shadow/login.defs@1:4.17.4-2ubuntu2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
apt@3.1.6ubuntu2
<span class="list-paths__item__arrow"></span>
adduser@3.152ubuntu1
<span class="list-paths__item__arrow"></span>
shadow/passwd@1:4.17.4-2ubuntu2
<span class="list-paths__item__arrow"></span>
shadow/login.defs@1:4.17.4-2ubuntu2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
shadow/passwd@1:4.17.4-2ubuntu2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
openssh/openssh-client@1:10.0p1-5ubuntu5
<span class="list-paths__item__arrow"></span>
shadow/passwd@1:4.17.4-2ubuntu2
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
apt@3.1.6ubuntu2
<span class="list-paths__item__arrow"></span>
adduser@3.152ubuntu1
<span class="list-paths__item__arrow"></span>
shadow/passwd@1:4.17.4-2ubuntu2
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>shadow</code> package and not the <code>shadow</code> package as distributed by <code>Ubuntu</code>.</em>
<em>See <code>How to fix?</code> for <code>Ubuntu:25.10</code> relevant fixed versions and status.</em></p>
<p>shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:25.10</code> <code>shadow</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-56433">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-56433</a></li>
<li><a href="https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241">https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241</a></li>
<li><a href="https://github.com/shadow-maint/shadow/issues/1157">https://github.com/shadow-maint/shadow/issues/1157</a></li>
<li><a href="https://github.com/shadow-maint/shadow/releases/tag/4.4">https://github.com/shadow-maint/shadow/releases/tag/4.4</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2510-SHADOW-15020669">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Information Exposure</h2>
@@ -1282,6 +1625,17 @@
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
gnupg2/gpg-agent@2.4.8-2ubuntu2.1
<span class="list-paths__item__arrow"></span>
libgcrypt20@1.11.0-7build1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
@@ -1338,6 +1692,137 @@
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2510-LIBGCRYPT20-14104143">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Out-of-bounds Write</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow"></span> Dockerfile
</li>
<li class="card__meta__item">
Package Manager: ubuntu:25.10
</li>
<li class="card__meta__item">
Vulnerable module:
gnupg2/gpgv
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest and gnupg2/gpgv@2.4.8-2ubuntu2.1
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
gnupg2/gpgv@2.4.8-2ubuntu2.1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
apt@3.1.6ubuntu2
<span class="list-paths__item__arrow"></span>
gnupg2/gpgv@2.4.8-2ubuntu2.1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
gnupg2/gpg@2.4.8-2ubuntu2.1
<span class="list-paths__item__arrow"></span>
gnupg2/gpgconf@2.4.8-2ubuntu2.1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
gnupg2/gpg-agent@2.4.8-2ubuntu2.1
<span class="list-paths__item__arrow"></span>
gnupg2/gpgconf@2.4.8-2ubuntu2.1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
gnupg2/gpg@2.4.8-2ubuntu2.1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
gnupg2/gpg-agent@2.4.8-2ubuntu2.1
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnupg2</code> package and not the <code>gnupg2</code> package as distributed by <code>Ubuntu</code>.</em>
<em>See <code>How to fix?</code> for <code>Ubuntu:25.10</code> relevant fixed versions and status.</em></p>
<p>GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:25.10</code> <code>gnupg2</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3219">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3219</a></li>
<li><a href="https://access.redhat.com/security/cve/CVE-2022-3219">https://access.redhat.com/security/cve/CVE-2022-3219</a></li>
<li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2127010">https://bugzilla.redhat.com/show_bug.cgi?id=2127010</a></li>
<li><a href="https://dev.gnupg.org/D556">https://dev.gnupg.org/D556</a></li>
<li><a href="https://dev.gnupg.org/T5993">https://dev.gnupg.org/T5993</a></li>
<li><a href="https://marc.info/?l=oss-security&m=165696590211434&w=4">https://marc.info/?l=oss-security&amp;m=165696590211434&amp;w=4</a></li>
<li><a href="https://security.netapp.com/advisory/ntap-20230324-0001/">https://security.netapp.com/advisory/ntap-20230324-0001/</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2510-GNUPG2-15023369">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-9086</h2>
@@ -1690,6 +2175,98 @@
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Improper Input Validation</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow"></span> Dockerfile
</li>
<li class="card__meta__item">
Package Manager: ubuntu:25.10
</li>
<li class="card__meta__item">
Vulnerable module:
coreutils/gnu-coreutils
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest and coreutils/gnu-coreutils@9.5-1ubuntu4
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
coreutils/gnu-coreutils@9.5-1ubuntu4
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
coreutils-from/coreutils@9.5-1ubuntu2+0.0.0~ubuntu24
<span class="list-paths__item__arrow"></span>
coreutils-from/coreutils-from-uutils@0.0.0~ubuntu24
<span class="list-paths__item__arrow"></span>
coreutils/gnu-coreutils@9.5-1ubuntu4
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>coreutils</code> package and not the <code>coreutils</code> package as distributed by <code>Ubuntu</code>.</em>
<em>See <code>How to fix?</code> for <code>Ubuntu:25.10</code> relevant fixed versions and status.</em></p>
<p>chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal&#39;s input buffer.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:25.10</code> <code>coreutils</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781</a></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2781">https://security-tracker.debian.org/tracker/CVE-2016-2781</a></li>
<li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2016/02/28/2">http://www.openwall.com/lists/oss-security/2016/02/28/2</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2016/02/28/3">http://www.openwall.com/lists/oss-security/2016/02/28/3</a></li>
<li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2510-COREUTILS-15027786">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
</div><!-- cards -->
</div>
</main><!-- .layout-stacked__content -->

4035
docs/snyk/v3.0.21/argocd-test.html
View File

File diff suppressed because it is too large Load Diff

2
docs/snyk/v3.0.21/argocd-iac-install.html → docs/snyk/v3.0.22/argocd-iac-install.html
View File

@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:38:58 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:38:09 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

2
docs/snyk/v3.0.21/argocd-iac-namespace-install.html → docs/snyk/v3.0.22/argocd-iac-namespace-install.html
View File

@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:39:12 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:38:20 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

1453
docs/snyk/v3.1.10/argocd-test.html → docs/snyk/v3.0.22/argocd-test.html
View File

File diff suppressed because it is too large Load Diff

2
docs/snyk/v3.0.21/ghcr.io_dexidp_dex_v2.41.1.html → docs/snyk/v3.0.22/ghcr.io_dexidp_dex_v2.41.1.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:36:59 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:36:14 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>

2
docs/snyk/v3.2.3/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html → docs/snyk/v3.0.22/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:31:54 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:36:18 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

2
docs/snyk/v3.0.21/public.ecr.aws_docker_library_redis_7.2.11-alpine.html → docs/snyk/v3.0.22/public.ecr.aws_docker_library_redis_7.2.11-alpine.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:37:10 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:36:24 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>

1016
docs/snyk/v3.0.21/quay.io_argoproj_argocd_v3.0.21.html → docs/snyk/v3.0.22/quay.io_argoproj_argocd_v3.0.22.html
View File

File diff suppressed because it is too large Load Diff

2
docs/snyk/v3.0.21/redis_7.2.11-alpine.html → docs/snyk/v3.0.22/redis_7.2.11-alpine.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:37:38 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:36:51 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>

2
docs/snyk/v3.1.10/argocd-iac-install.html → docs/snyk/v3.1.11/argocd-iac-install.html
View File

@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:36:18 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:35:37 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

2
docs/snyk/v3.1.10/argocd-iac-namespace-install.html → docs/snyk/v3.1.11/argocd-iac-namespace-install.html
View File

@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:36:29 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:35:46 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

778
docs/snyk/v3.2.3/argocd-test.html → docs/snyk/v3.1.11/argocd-test.html
View File

@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="8 known vulnerabilities found in 53 vulnerable dependency paths.">
<meta name="description" content="7 known vulnerabilities found in 11 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:31:42 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:33:30 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -504,9 +504,9 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>8</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>53 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2115</span> <span>dependencies</span></div>
<div class="meta-count"><span>7</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>11 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2105</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
</header><!-- .project__header -->
@@ -514,16 +514,16 @@
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Open Redirect</h2>
<div class="card card--vuln disclosure--not-new severity--critical" data-snyk-test="critical">
<h2 class="card__title">Predictable Value Range from Previous Values</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
<div class="label label--critical">
<span class="label__text">critical severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
<span class="label__text">Exploit: Proof of Concept</span>
</div>
</div>
@@ -539,13 +539,13 @@
<li class="card__meta__item">
Vulnerable module:
react-router
form-data
</li>
<li class="card__meta__item">Introduced through:
argo-cd-ui@1.0.0 and react-router@4.3.1
argo-cd-ui@1.0.0, superagent@8.1.2 and others
</li>
</ul>
@@ -559,31 +559,9 @@
<span class="list-paths__item__introduced"><em>Introduced through</em>:
argo-cd-ui@1.0.0
<span class="list-paths__item__arrow"></span>
react-router@4.3.1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
argo-cd-ui@1.0.0
superagent@8.1.2
<span class="list-paths__item__arrow"></span>
react-router-dom@4.3.1
<span class="list-paths__item__arrow"></span>
react-router@4.3.1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
argo-cd-ui@1.0.0
<span class="list-paths__item__arrow"></span>
argo-ui@1.0.0
<span class="list-paths__item__arrow"></span>
react-router-dom@4.3.1
<span class="list-paths__item__arrow"></span>
react-router@4.3.1
form-data@4.0.0
</span>
@@ -595,20 +573,22 @@
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p>Affected versions of this package are vulnerable to Open Redirect via the <code>resolvePath()</code> function when used with <code>navigate</code>, <code>&lt;Link&gt;</code>, or <code>redirect</code>. An attacker can cause the application to redirect users to external, potentially malicious URLs by supplying crafted paths. </p>
<p><strong>Note:</strong></p>
<p>This is only exploitable if untrusted content is passed into navigation paths in the application code.</p>
<p>Affected versions of this package are vulnerable to Predictable Value Range from Previous Values via the <code>boundary</code> value, which uses <code>Math.random()</code>. An attacker can manipulate HTTP request boundaries by exploiting predictable values, potentially leading to HTTP parameter pollution.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>react-router</code> to version 6.30.2, 7.9.6 or higher.</p>
<p>Upgrade <code>form-data</code> to version 2.5.4, 3.0.4, 4.0.4 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/remix-run/react-router/commit/02e65a55daa6f9c0aa88d0de8732330e0b449dad">GitHub Commit</a></li>
<li><a href="https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0">GitHub Commit</a></li>
<li><a href="https://github.com/form-data/form-data/commit/b88316c94bb004323669cd3639dc8bb8262539eb">GitHub Commit</a></li>
<li><a href="https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd">GitHub Commit</a></li>
<li><a href="https://github.com/benweissmann/CVE-2025-7783-poc">POC</a></li>
<li><a href="https://github.com/form-data/form-data/blob/426ba9ac440f95d1998dac9a5cd8d738043b048f/lib/form_data.js#L347">Vulnerable Code</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-JS-REACTROUTER-14908286">More about this vulnerability</a></p>
<p><a href="https://snyk.io/vuln/SNYK-JS-FORMDATA-10841150">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
@@ -706,720 +686,6 @@
<p><a href="https://snyk.io/vuln/SNYK-JS-QS-14724253">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: /argo-cd/argoproj/argo-cd/v3 <span class="list-paths__item__arrow"></span> go.mod
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
github.com/expr-lang/expr/builtin
</li>
<li class="card__meta__item">Introduced through:
github.com/argoproj/argo-cd/v3@0.0.0, github.com/expr-lang/expr@1.17.6 and others
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/parser@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/compiler@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/patcher@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/compiler@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/checker@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/conf@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/conf@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/parser@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/api@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/cmd@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/controller@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/compiler@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/patcher@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/api@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/cmd@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/controller@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/compiler@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/checker@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/api@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/conf@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/cmd@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/conf@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/controller@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/conf@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/api@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/parser@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/cmd@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/parser@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/controller@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/parser@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/api@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/compiler@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/cmd@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/compiler@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/controller@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/compiler@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/api@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/patcher@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/cmd@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/patcher@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/controller@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/patcher@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/api@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/compiler@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/checker@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/cmd@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/compiler@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/checker@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/controller@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/compiler@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/checker@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/conf@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/types@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/checker/nature@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/conf@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/types@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/checker/nature@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/api@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/conf@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/types@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/checker/nature@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/cmd@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/conf@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/types@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/checker/nature@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/controller@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#da04400446ff
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/conf@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/types@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/checker/nature@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the <code>flatten</code>, <code>min</code>, <code>max</code>, <code>mean</code>, and <code>median</code> functions when processing deeply nested or cyclic data structures. An attacker can cause the application to crash by supplying maliciously crafted input that triggers unbounded recursion and stack exhaustion. </p>
<h2 id="workaround">Workaround</h2>
<p>This vulnerability can be mitigated by ensuring evaluation environments do not contain cyclic references, validating or sanitizing externally supplied data structures, and wrapping expression evaluation with panic recovery to prevent a full process crash.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>github.com/expr-lang/expr/builtin</code> to version 1.17.7 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/expr-lang/expr/commit/3dbda4bd9c2531a05fe0ea77a4bf4d7f294dc1da">GitHub Commit</a></li>
<li><a href="https://github.com/expr-lang/expr/pull/870">GitHub PR</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMEXPRLANGEXPRBUILTIN-14459108">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Prototype Pollution</h2>

2
docs/snyk/v3.2.3/ghcr.io_dexidp_dex_v2.43.0.html → docs/snyk/v3.1.11/ghcr.io_dexidp_dex_v2.43.0.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:31:49 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:33:38 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>

2
docs/snyk/v3.1.10/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html → docs/snyk/v3.1.11/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:34:24 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:33:43 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

2
docs/snyk/v3.1.10/public.ecr.aws_docker_library_redis_7.2.11-alpine.html → docs/snyk/v3.1.11/public.ecr.aws_docker_library_redis_7.2.11-alpine.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:34:32 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:33:49 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>

787
docs/snyk/v3.1.10/quay.io_argoproj_argocd_v3.1.10.html → docs/snyk/v3.1.11/quay.io_argoproj_argocd_v3.1.11.html
View File

File diff suppressed because it is too large Load Diff

2
docs/snyk/v3.2.3/argocd-iac-install.html → docs/snyk/v3.2.5/argocd-iac-install.html
View File

@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:33:44 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:33:04 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

2
docs/snyk/v3.2.3/argocd-iac-namespace-install.html → docs/snyk/v3.2.5/argocd-iac-namespace-install.html
View File

@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:33:56 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:33:14 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

1346
docs/snyk/v3.2.5/argocd-test.html Normal file
View File

File diff suppressed because it is too large Load Diff

2
docs/snyk/v3.1.10/ghcr.io_dexidp_dex_v2.43.0.html → docs/snyk/v3.2.5/ghcr.io_dexidp_dex_v2.43.0.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:34:20 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:31:10 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>

2
docs/snyk/v3.0.21/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html → docs/snyk/v3.2.5/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:37:04 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:31:15 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

2
docs/snyk/v3.2.3/public.ecr.aws_docker_library_redis_8.2.2-alpine.html → docs/snyk/v3.2.5/public.ecr.aws_docker_library_redis_8.2.2-alpine.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:32:01 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:31:21 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

454
docs/snyk/v3.2.3/quay.io_argoproj_argocd_v3.2.3.html → docs/snyk/v3.2.5/quay.io_argoproj_argocd_v3.2.5.html
View File

File diff suppressed because it is too large Load Diff

2
docs/snyk/v3.3.0-rc3/argocd-iac-install.html
View File

@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:31:18 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:30:28 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

2
docs/snyk/v3.3.0-rc3/argocd-iac-namespace-install.html
View File

@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:31:29 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:30:38 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

823
docs/snyk/v3.3.0-rc3/argocd-test.html
View File

@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="6 known vulnerabilities found in 51 vulnerable dependency paths.">
<meta name="description" content="4 known vulnerabilities found in 8 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,12 +492,11 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:29:00 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:28:05 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
<ul>
<li class="paths">/argo-cd/argoproj/argo-cd/v3/go.mod (gomodules)</li>
<li class="paths">/argo-cd/argoproj/gitops-engine/gitops-engine/go.mod (gomodules)</li>
<li class="paths">/argo-cd/argoproj/argo-cd/get-previous-release/hack/get-previous-release/go.mod (gomodules)</li>
<li class="paths">/argo-cd/ui/yarn.lock (yarn)</li>
@@ -505,9 +504,9 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>6</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>51 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2868</span> <span>dependencies</span></div>
<div class="meta-count"><span>4</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>8 vulnerable dependency paths</span></div>
<div class="meta-count"><span>1012</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
</header><!-- .project__header -->
@@ -515,104 +514,6 @@
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Open Redirect</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: /argo-cd <span class="list-paths__item__arrow"></span> ui/yarn.lock
</li>
<li class="card__meta__item">
Package Manager: npm
</li>
<li class="card__meta__item">
Vulnerable module:
react-router
</li>
<li class="card__meta__item">Introduced through:
argo-cd-ui@1.0.0 and react-router@4.3.1
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
argo-cd-ui@1.0.0
<span class="list-paths__item__arrow"></span>
react-router@4.3.1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
argo-cd-ui@1.0.0
<span class="list-paths__item__arrow"></span>
react-router-dom@4.3.1
<span class="list-paths__item__arrow"></span>
react-router@4.3.1
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
argo-cd-ui@1.0.0
<span class="list-paths__item__arrow"></span>
argo-ui@1.0.0
<span class="list-paths__item__arrow"></span>
react-router-dom@4.3.1
<span class="list-paths__item__arrow"></span>
react-router@4.3.1
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p>Affected versions of this package are vulnerable to Open Redirect via the <code>resolvePath()</code> function when used with <code>navigate</code>, <code>&lt;Link&gt;</code>, or <code>redirect</code>. An attacker can cause the application to redirect users to external, potentially malicious URLs by supplying crafted paths. </p>
<p><strong>Note:</strong></p>
<p>This is only exploitable if untrusted content is passed into navigation paths in the application code.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>react-router</code> to version 6.30.2, 7.9.6 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/remix-run/react-router/commit/02e65a55daa6f9c0aa88d0de8732330e0b449dad">GitHub Commit</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-JS-REACTROUTER-14908286">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
<div class="card__section">
@@ -707,720 +608,6 @@
<p><a href="https://snyk.io/vuln/SNYK-JS-QS-14724253">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: /argo-cd/argoproj/argo-cd/v3 <span class="list-paths__item__arrow"></span> go.mod
</li>
<li class="card__meta__item">
Package Manager: golang
</li>
<li class="card__meta__item">
Vulnerable module:
github.com/expr-lang/expr/builtin
</li>
<li class="card__meta__item">Introduced through:
github.com/argoproj/argo-cd/v3@0.0.0, github.com/expr-lang/expr@1.17.6 and others
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/parser@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/compiler@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/patcher@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/compiler@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/checker@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/conf@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/conf@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/parser@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/api@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/cmd@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/controller@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/compiler@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/patcher@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/api@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/cmd@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/controller@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/compiler@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/checker@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/api@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/conf@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/cmd@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/conf@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/controller@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/conf@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/api@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/parser@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/cmd@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/parser@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/controller@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/parser@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/api@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/compiler@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/cmd@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/compiler@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/controller@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/compiler@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/api@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/patcher@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/cmd@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/patcher@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/controller@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/patcher@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/api@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/compiler@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/checker@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/cmd@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/compiler@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/checker@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/controller@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/compiler@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/checker@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/conf@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/types@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/checker/nature@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/conf@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/types@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/checker/nature@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/api@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/conf@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/types@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/checker/nature@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/cmd@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/conf@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/types@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/checker/nature@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
github.com/argoproj/argo-cd/v3@0.0.0
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/controller@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/argoproj/notifications-engine/pkg/triggers@#e2e7fe18381a
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/vm@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/conf@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/types@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/checker/nature@1.17.6
<span class="list-paths__item__arrow"></span>
github.com/expr-lang/expr/builtin@1.17.6
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the <code>flatten</code>, <code>min</code>, <code>max</code>, <code>mean</code>, and <code>median</code> functions when processing deeply nested or cyclic data structures. An attacker can cause the application to crash by supplying maliciously crafted input that triggers unbounded recursion and stack exhaustion. </p>
<h2 id="workaround">Workaround</h2>
<p>This vulnerability can be mitigated by ensuring evaluation environments do not contain cyclic references, validating or sanitizing externally supplied data structures, and wrapping expression evaluation with panic recovery to prevent a full process crash.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>github.com/expr-lang/expr/builtin</code> to version 1.17.7 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/expr-lang/expr/commit/3dbda4bd9c2531a05fe0ea77a4bf4d7f294dc1da">GitHub Commit</a></li>
<li><a href="https://github.com/expr-lang/expr/pull/870">GitHub PR</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMEXPRLANGEXPRBUILTIN-14459108">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>

2
docs/snyk/v3.3.0-rc3/ghcr.io_dexidp_dex_v2.43.0.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:29:06 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:28:13 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>

2
docs/snyk/v3.3.0-rc3/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:29:10 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:28:17 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

2
docs/snyk/v3.3.0-rc3/public.ecr.aws_docker_library_redis_8.2.3-alpine.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:29:16 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:28:25 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>

3
docs/snyk/v3.3.0-rc3/quay.io_argoproj_argocd_v3.3.0-rc3.html
View File

@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 11th 2026, 12:29:38 am (UTC+00:00)</p>
<p class="timestamp">January 18th 2026, 12:28:47 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -659,6 +659,7 @@
<li><a href="https://news.ycombinator.com/item?id=46403200">https://news.ycombinator.com/item?id=46403200</a></li>
<li><a href="https://www.openwall.com/lists/oss-security/2025/12/28/5">https://www.openwall.com/lists/oss-security/2025/12/28/5</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2025/12/29/11">http://www.openwall.com/lists/oss-security/2025/12/29/11</a></li>
<li><a href="https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html">https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html</a></li>
<li><a href="https://gpg.fail/memcpy">https://gpg.fail/memcpy</a></li>
</ul>