[Bot] docs: Update Snyk report (#26195)

Signed-off-by: CI <ci@argoproj.com>
Co-authored-by: CI <ci@argoproj.com>
github-actions[bot]
2026-02-01 14:43:32 +02:00
committed by GitHub
parent 72085781dc
commit e20affd6f0
37 changed files with 29514 additions and 747 deletions


@@ -14,11 +14,11 @@ recent minor releases.
| | Critical | High | Medium | Low |
|---:|:--------:|:----:|:------:|:---:|
| [go.mod](master/argocd-test.html) | 0 | 0 | 0 | 0 |
| [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 2 | 2 |
| [dex:v2.43.0](master/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 5 |
| [haproxy:3.0.8-alpine](master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 5 |
| [redis:8.2.3-alpine](master/public.ecr.aws_docker_library_redis_8.2.3-alpine.html) | 0 | 0 | 0 | 2 |
| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 9 | 8 |
| [ui/yarn.lock](master/argocd-test.html) | 0 | 1 | 2 | 2 |
| [dex:v2.43.0](master/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 15 |
| [haproxy:3.0.8-alpine](master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 15 |
| [redis:8.2.3-alpine](master/public.ecr.aws_docker_library_redis_8.2.3-alpine.html) | 0 | 0 | 0 | 0 |
| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 8 | 8 |
| [install.yaml](master/argocd-iac-install.html) | - | - | - | - |
| [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - |
@@ -27,10 +27,10 @@ recent minor releases.
| | Critical | High | Medium | Low |
|---:|:--------:|:----:|:------:|:---:|
| [go.mod](v3.3.0-rc4/argocd-test.html) | 0 | 0 | 0 | 0 |
| [ui/yarn.lock](v3.3.0-rc4/argocd-test.html) | 0 | 1 | 4 | 2 |
| [dex:v2.43.0](v3.3.0-rc4/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 5 |
| [haproxy:3.0.8-alpine](v3.3.0-rc4/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 5 |
| [redis:8.2.3-alpine](v3.3.0-rc4/public.ecr.aws_docker_library_redis_8.2.3-alpine.html) | 0 | 0 | 0 | 2 |
| [ui/yarn.lock](v3.3.0-rc4/argocd-test.html) | 0 | 2 | 4 | 2 |
| [dex:v2.43.0](v3.3.0-rc4/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 15 |
| [haproxy:3.0.8-alpine](v3.3.0-rc4/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 15 |
| [redis:8.2.3-alpine](v3.3.0-rc4/public.ecr.aws_docker_library_redis_8.2.3-alpine.html) | 0 | 0 | 0 | 0 |
| [argocd:v3.3.0-rc4](v3.3.0-rc4/quay.io_argoproj_argocd_v3.3.0-rc4.html) | 0 | 0 | 0 | 1 |
| [install.yaml](v3.3.0-rc4/argocd-iac-install.html) | - | - | - | - |
| [namespace-install.yaml](v3.3.0-rc4/argocd-iac-namespace-install.html) | - | - | - | - |
@@ -40,10 +40,10 @@ recent minor releases.
| | Critical | High | Medium | Low |
|---:|:--------:|:----:|:------:|:---:|
| [go.mod](v3.2.6/argocd-test.html) | 0 | 0 | 0 | 0 |
| [ui/yarn.lock](v3.2.6/argocd-test.html) | 0 | 1 | 6 | 2 |
| [dex:v2.43.0](v3.2.6/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 5 |
| [haproxy:3.0.8-alpine](v3.2.6/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 5 |
| [redis:8.2.2-alpine](v3.2.6/public.ecr.aws_docker_library_redis_8.2.2-alpine.html) | 0 | 0 | 0 | 2 |
| [ui/yarn.lock](v3.2.6/argocd-test.html) | 0 | 2 | 6 | 2 |
| [dex:v2.43.0](v3.2.6/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 15 |
| [haproxy:3.0.8-alpine](v3.2.6/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 15 |
| [redis:8.2.2-alpine](v3.2.6/public.ecr.aws_docker_library_redis_8.2.2-alpine.html) | 0 | 0 | 0 | 14 |
| [argocd:v3.2.6](v3.2.6/quay.io_argoproj_argocd_v3.2.6.html) | 0 | 0 | 0 | 1 |
| [install.yaml](v3.2.6/argocd-iac-install.html) | - | - | - | - |
| [namespace-install.yaml](v3.2.6/argocd-iac-namespace-install.html) | - | - | - | - |
@@ -53,11 +53,11 @@ recent minor releases.
| | Critical | High | Medium | Low |
|---:|:--------:|:----:|:------:|:---:|
| [go.mod](v3.1.12/argocd-test.html) | 0 | 0 | 0 | 0 |
| [ui/yarn.lock](v3.1.12/argocd-test.html) | 1 | 1 | 6 | 2 |
| [dex:v2.43.0](v3.1.12/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 5 |
| [haproxy:3.0.8-alpine](v3.1.12/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 5 |
| [redis:7.2.11-alpine](v3.1.12/public.ecr.aws_docker_library_redis_7.2.11-alpine.html) | 0 | 0 | 0 | 2 |
| [argocd:v3.1.12](v3.1.12/quay.io_argoproj_argocd_v3.1.12.html) | 0 | 0 | 8 | 15 |
| [ui/yarn.lock](v3.1.12/argocd-test.html) | 1 | 2 | 6 | 2 |
| [dex:v2.43.0](v3.1.12/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 15 |
| [haproxy:3.0.8-alpine](v3.1.12/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 15 |
| [redis:7.2.11-alpine](v3.1.12/public.ecr.aws_docker_library_redis_7.2.11-alpine.html) | 0 | 0 | 0 | 12 |
| [argocd:v3.1.12](v3.1.12/quay.io_argoproj_argocd_v3.1.12.html) | 0 | 0 | 9 | 22 |
| [install.yaml](v3.1.12/argocd-iac-install.html) | - | - | - | - |
| [namespace-install.yaml](v3.1.12/argocd-iac-namespace-install.html) | - | - | - | - |
@@ -67,10 +67,10 @@ recent minor releases.
|---:|:--------:|:----:|:------:|:---:|
| [go.mod](v3.0.23/argocd-test.html) | 0 | 0 | 0 | 0 |
| [ui/yarn.lock](v3.0.23/argocd-test.html) | 1 | 2 | 7 | 4 |
| [dex:v2.41.1](v3.0.23/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 2 | 0 | 8 |
| [haproxy:3.0.8-alpine](v3.0.23/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 5 |
| [redis:7.2.11-alpine](v3.0.23/public.ecr.aws_docker_library_redis_7.2.11-alpine.html) | 0 | 0 | 0 | 2 |
| [argocd:v3.0.23](v3.0.23/quay.io_argoproj_argocd_v3.0.23.html) | 0 | 0 | 8 | 15 |
| [redis:7.2.11-alpine](v3.0.23/redis_7.2.11-alpine.html) | 0 | 0 | 0 | 2 |
| [dex:v2.41.1](v3.0.23/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 2 | 0 | 18 |
| [haproxy:3.0.8-alpine](v3.0.23/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 15 |
| [redis:7.2.11-alpine](v3.0.23/public.ecr.aws_docker_library_redis_7.2.11-alpine.html) | 0 | 0 | 0 | 12 |
| [argocd:v3.0.23](v3.0.23/quay.io_argoproj_argocd_v3.0.23.html) | 0 | 0 | 9 | 22 |
| [redis:7.2.11-alpine](v3.0.23/redis_7.2.11-alpine.html) | 0 | 0 | 0 | 12 |
| [install.yaml](v3.0.23/argocd-iac-install.html) | - | - | - | - |
| [namespace-install.yaml](v3.0.23/argocd-iac-namespace-install.html) | - | - | - | - |


@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 25th 2026, 12:28:05 am (UTC+00:00)</p>
<p class="timestamp">February 1st 2026, 12:34:16 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
@@ -881,7 +881,7 @@
</li>
<li class="card__meta__item">
Line number: 32049
Line number: 32055
</li>
</ul>
@@ -933,7 +933,7 @@
</li>
<li class="card__meta__item">
Line number: 32398
Line number: 32410
</li>
</ul>
@@ -1049,7 +1049,7 @@
</li>
<li class="card__meta__item">
Line number: 31845
Line number: 31851
</li>
</ul>
@@ -1107,7 +1107,7 @@
</li>
<li class="card__meta__item">
Line number: 31793
Line number: 31799
</li>
</ul>
@@ -1165,7 +1165,7 @@
</li>
<li class="card__meta__item">
Line number: 31907
Line number: 31913
</li>
</ul>
@@ -1223,7 +1223,7 @@
</li>
<li class="card__meta__item">
Line number: 32020
Line number: 32026
</li>
</ul>
@@ -1281,7 +1281,7 @@
</li>
<li class="card__meta__item">
Line number: 32044
Line number: 32050
</li>
</ul>
@@ -1339,7 +1339,7 @@
</li>
<li class="card__meta__item">
Line number: 32398
Line number: 32410
</li>
</ul>
@@ -1397,7 +1397,7 @@
</li>
<li class="card__meta__item">
Line number: 32103
Line number: 32109
</li>
</ul>
@@ -1455,7 +1455,7 @@
</li>
<li class="card__meta__item">
Line number: 32486
Line number: 32498
</li>
</ul>
@@ -1513,7 +1513,7 @@
</li>
<li class="card__meta__item">
Line number: 32896
Line number: 32914
</li>
</ul>
@@ -1565,7 +1565,7 @@
</li>
<li class="card__meta__item">
Line number: 31825
Line number: 31831
</li>
</ul>
@@ -1669,7 +1669,7 @@
</li>
<li class="card__meta__item">
Line number: 31793
Line number: 31799
</li>
</ul>
@@ -1721,7 +1721,7 @@
</li>
<li class="card__meta__item">
Line number: 32020
Line number: 32026
</li>
</ul>
@@ -1837,7 +1837,7 @@
</li>
<li class="card__meta__item">
Line number: 31793
Line number: 31799
</li>
</ul>
@@ -1895,7 +1895,7 @@
</li>
<li class="card__meta__item">
Line number: 31845
Line number: 31851
</li>
</ul>
@@ -1953,7 +1953,7 @@
</li>
<li class="card__meta__item">
Line number: 31907
Line number: 31913
</li>
</ul>
@@ -2011,7 +2011,7 @@
</li>
<li class="card__meta__item">
Line number: 32020
Line number: 32026
</li>
</ul>
@@ -2069,7 +2069,7 @@
</li>
<li class="card__meta__item">
Line number: 32044
Line number: 32050
</li>
</ul>
@@ -2127,7 +2127,7 @@
</li>
<li class="card__meta__item">
Line number: 32398
Line number: 32410
</li>
</ul>
@@ -2185,7 +2185,7 @@
</li>
<li class="card__meta__item">
Line number: 32103
Line number: 32109
</li>
</ul>
@@ -2243,7 +2243,7 @@
</li>
<li class="card__meta__item">
Line number: 32486
Line number: 32498
</li>
</ul>
@@ -2301,7 +2301,7 @@
</li>
<li class="card__meta__item">
Line number: 32896
Line number: 32914
</li>
</ul>
@@ -2357,7 +2357,7 @@
</li>
<li class="card__meta__item">
Line number: 31706
Line number: 31712
</li>
</ul>
@@ -2413,7 +2413,7 @@
</li>
<li class="card__meta__item">
Line number: 31853
Line number: 31859
</li>
</ul>
@@ -2469,7 +2469,7 @@
</li>
<li class="card__meta__item">
Line number: 31828
Line number: 31834
</li>
</ul>
@@ -2525,7 +2525,7 @@
</li>
<li class="card__meta__item">
Line number: 31952
Line number: 31958
</li>
</ul>
@@ -2581,7 +2581,7 @@
</li>
<li class="card__meta__item">
Line number: 32037
Line number: 32043
</li>
</ul>
@@ -2637,7 +2637,7 @@
</li>
<li class="card__meta__item">
Line number: 32051
Line number: 32057
</li>
</ul>
@@ -2693,7 +2693,7 @@
</li>
<li class="card__meta__item">
Line number: 32406
Line number: 32418
</li>
</ul>
@@ -2749,7 +2749,7 @@
</li>
<li class="card__meta__item">
Line number: 32371
Line number: 32383
</li>
</ul>
@@ -2805,7 +2805,7 @@
</li>
<li class="card__meta__item">
Line number: 32795
Line number: 32813
</li>
</ul>
@@ -2861,7 +2861,7 @@
</li>
<li class="card__meta__item">
Line number: 33171
Line number: 33195
</li>
</ul>


@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 25th 2026, 12:28:15 am (UTC+00:00)</p>
<p class="timestamp">February 1st 2026, 12:34:27 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
@@ -835,7 +835,7 @@
</li>
<li class="card__meta__item">
Line number: 1297
Line number: 1303
</li>
</ul>
@@ -887,7 +887,7 @@
</li>
<li class="card__meta__item">
Line number: 1646
Line number: 1658
</li>
</ul>
@@ -1003,7 +1003,7 @@
</li>
<li class="card__meta__item">
Line number: 1093
Line number: 1099
</li>
</ul>
@@ -1061,7 +1061,7 @@
</li>
<li class="card__meta__item">
Line number: 1041
Line number: 1047
</li>
</ul>
@@ -1119,7 +1119,7 @@
</li>
<li class="card__meta__item">
Line number: 1155
Line number: 1161
</li>
</ul>
@@ -1177,7 +1177,7 @@
</li>
<li class="card__meta__item">
Line number: 1268
Line number: 1274
</li>
</ul>
@@ -1235,7 +1235,7 @@
</li>
<li class="card__meta__item">
Line number: 1292
Line number: 1298
</li>
</ul>
@@ -1293,7 +1293,7 @@
</li>
<li class="card__meta__item">
Line number: 1646
Line number: 1658
</li>
</ul>
@@ -1351,7 +1351,7 @@
</li>
<li class="card__meta__item">
Line number: 1351
Line number: 1357
</li>
</ul>
@@ -1409,7 +1409,7 @@
</li>
<li class="card__meta__item">
Line number: 1734
Line number: 1746
</li>
</ul>
@@ -1467,7 +1467,7 @@
</li>
<li class="card__meta__item">
Line number: 2144
Line number: 2162
</li>
</ul>
@@ -1519,7 +1519,7 @@
</li>
<li class="card__meta__item">
Line number: 1073
Line number: 1079
</li>
</ul>
@@ -1623,7 +1623,7 @@
</li>
<li class="card__meta__item">
Line number: 1041
Line number: 1047
</li>
</ul>
@@ -1675,7 +1675,7 @@
</li>
<li class="card__meta__item">
Line number: 1268
Line number: 1274
</li>
</ul>
@@ -1791,7 +1791,7 @@
</li>
<li class="card__meta__item">
Line number: 1041
Line number: 1047
</li>
</ul>
@@ -1849,7 +1849,7 @@
</li>
<li class="card__meta__item">
Line number: 1093
Line number: 1099
</li>
</ul>
@@ -1907,7 +1907,7 @@
</li>
<li class="card__meta__item">
Line number: 1155
Line number: 1161
</li>
</ul>
@@ -1965,7 +1965,7 @@
</li>
<li class="card__meta__item">
Line number: 1268
Line number: 1274
</li>
</ul>
@@ -2023,7 +2023,7 @@
</li>
<li class="card__meta__item">
Line number: 1292
Line number: 1298
</li>
</ul>
@@ -2081,7 +2081,7 @@
</li>
<li class="card__meta__item">
Line number: 1646
Line number: 1658
</li>
</ul>
@@ -2139,7 +2139,7 @@
</li>
<li class="card__meta__item">
Line number: 1351
Line number: 1357
</li>
</ul>
@@ -2197,7 +2197,7 @@
</li>
<li class="card__meta__item">
Line number: 1734
Line number: 1746
</li>
</ul>
@@ -2255,7 +2255,7 @@
</li>
<li class="card__meta__item">
Line number: 2144
Line number: 2162
</li>
</ul>
@@ -2311,7 +2311,7 @@
</li>
<li class="card__meta__item">
Line number: 954
Line number: 960
</li>
</ul>
@@ -2367,7 +2367,7 @@
</li>
<li class="card__meta__item">
Line number: 1101
Line number: 1107
</li>
</ul>
@@ -2423,7 +2423,7 @@
</li>
<li class="card__meta__item">
Line number: 1076
Line number: 1082
</li>
</ul>
@@ -2479,7 +2479,7 @@
</li>
<li class="card__meta__item">
Line number: 1200
Line number: 1206
</li>
</ul>
@@ -2535,7 +2535,7 @@
</li>
<li class="card__meta__item">
Line number: 1285
Line number: 1291
</li>
</ul>
@@ -2591,7 +2591,7 @@
</li>
<li class="card__meta__item">
Line number: 1299
Line number: 1305
</li>
</ul>
@@ -2647,7 +2647,7 @@
</li>
<li class="card__meta__item">
Line number: 1654
Line number: 1666
</li>
</ul>
@@ -2703,7 +2703,7 @@
</li>
<li class="card__meta__item">
Line number: 1619
Line number: 1631
</li>
</ul>
@@ -2759,7 +2759,7 @@
</li>
<li class="card__meta__item">
Line number: 2043
Line number: 2061
</li>
</ul>
@@ -2815,7 +2815,7 @@
</li>
<li class="card__meta__item">
Line number: 2419
Line number: 2443
</li>
</ul>


@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="4 known vulnerabilities found in 7 vulnerable dependency paths.">
<meta name="description" content="5 known vulnerabilities found in 8 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 25th 2026, 12:25:40 am (UTC+00:00)</p>
<p class="timestamp">February 1st 2026, 12:31:46 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -505,8 +505,8 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>4</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>7 vulnerable dependency paths</span></div>
<div class="meta-count"><span>5</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>8 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2882</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
@@ -515,6 +515,84 @@
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Uncaught Exception</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Proof of Concept</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: /argo-cd <span class="list-paths__item__arrow"></span> ui/yarn.lock
</li>
<li class="card__meta__item">
Package Manager: npm
</li>
<li class="card__meta__item">
Vulnerable module:
fast-xml-parser
</li>
<li class="card__meta__item">Introduced through:
argo-cd-ui@1.0.0, redoc@2.4.0 and others
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
argo-cd-ui@1.0.0
<span class="list-paths__item__arrow"></span>
redoc@2.4.0
<span class="list-paths__item__arrow"></span>
openapi-sampler@1.6.1
<span class="list-paths__item__arrow"></span>
fast-xml-parser@4.5.3
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://www.npmjs.org/package/fast-xml-parser">fast-xml-parser</a> is a Validate XML, Parse XML, Build XML without C/C++ based libraries</p>
<p>Affected versions of this package are vulnerable to Uncaught Exception in the numeric entity processing when parsing XML containing out-of-range entity code points. An attacker can cause the application to crash by submitting specially crafted XML input that triggers an uncaught exception.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>fast-xml-parser</code> to version 5.3.4 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/4e387f61c4a5cef792f6a2f42467013290bf95dc">GitHub Commit</a></li>
<li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.4">GitHub Release</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-JS-FASTXMLPARSER-15155603">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
<div class="card__section">

File diff suppressed because it is too large Load Diff


@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="2 known vulnerabilities found in 10 vulnerable dependency paths.">
<meta name="description" content="0 known vulnerabilities found in 0 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 25th 2026, 12:26:08 am (UTC+00:00)</p>
<p class="timestamp">February 1st 2026, 12:32:14 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
@@ -502,8 +502,8 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>2</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>10 vulnerable dependency paths</span></div>
<div class="meta-count"><span>0</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>0 vulnerable dependency paths</span></div>
<div class="meta-count"><span>22</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
@@ -520,241 +520,7 @@
</table>
</section>
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-46394</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.22
</li>
<li class="card__meta__item">
Vulnerable module:
busybox/busybox
</li>
<li class="card__meta__item">Introduced through:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine and busybox/busybox@1.37.0-r19
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine
<span class="list-paths__item__arrow"></span>
busybox/busybox@1.37.0-r19
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine
<span class="list-paths__item__arrow"></span>
alpine-baselayout/alpine-baselayout@3.7.0-r0
<span class="list-paths__item__arrow"></span>
busybox/busybox-binsh@1.37.0-r19
<span class="list-paths__item__arrow"></span>
busybox/busybox@1.37.0-r19
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine
<span class="list-paths__item__arrow"></span>
busybox/busybox-binsh@1.37.0-r19
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine
<span class="list-paths__item__arrow"></span>
alpine-baselayout/alpine-baselayout@3.7.0-r0
<span class="list-paths__item__arrow"></span>
busybox/busybox-binsh@1.37.0-r19
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r19
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>busybox</code> package and not the <code>busybox</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.22</code> relevant fixed versions and status.</em></p>
<p>In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.22</code> <code>busybox</code> to version 1.37.0-r20 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://bugs.busybox.net/show_bug.cgi?id=16018">https://bugs.busybox.net/show_bug.cgi?id=16018</a></li>
<li><a href="https://www.busybox.net">https://www.busybox.net</a></li>
<li><a href="https://www.busybox.net/downloads/">https://www.busybox.net/downloads/</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2025/04/23/5">http://www.openwall.com/lists/oss-security/2025/04/23/5</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2025/04/24/3">http://www.openwall.com/lists/oss-security/2025/04/24/3</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE322-BUSYBOX-14091698">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2024-58251</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.22
</li>
<li class="card__meta__item">
Vulnerable module:
busybox/busybox
</li>
<li class="card__meta__item">Introduced through:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine and busybox/busybox@1.37.0-r19
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine
<span class="list-paths__item__arrow"></span>
busybox/busybox@1.37.0-r19
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine
<span class="list-paths__item__arrow"></span>
alpine-baselayout/alpine-baselayout@3.7.0-r0
<span class="list-paths__item__arrow"></span>
busybox/busybox-binsh@1.37.0-r19
<span class="list-paths__item__arrow"></span>
busybox/busybox@1.37.0-r19
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine
<span class="list-paths__item__arrow"></span>
busybox/busybox-binsh@1.37.0-r19
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine
<span class="list-paths__item__arrow"></span>
alpine-baselayout/alpine-baselayout@3.7.0-r0
<span class="list-paths__item__arrow"></span>
busybox/busybox-binsh@1.37.0-r19
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r19
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>busybox</code> package and not the <code>busybox</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.22</code> relevant fixed versions and status.</em></p>
<p>In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.22</code> <code>busybox</code> to version 1.37.0-r20 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://bugs.busybox.net/show_bug.cgi?id=15922">https://bugs.busybox.net/show_bug.cgi?id=15922</a></li>
<li><a href="https://www.busybox.net">https://www.busybox.net</a></li>
<li><a href="https://www.busybox.net/downloads/">https://www.busybox.net/downloads/</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2025/04/23/6">http://www.openwall.com/lists/oss-security/2025/04/23/6</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE322-BUSYBOX-14091701">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
</div><!-- cards -->
No known vulnerabilities detected.
</div>
</main><!-- .layout-stacked__content -->
</body>


@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="17 known vulnerabilities found in 56 vulnerable dependency paths.">
<meta name="description" content="16 known vulnerabilities found in 56 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 25th 2026, 12:26:27 am (UTC+00:00)</p>
<p class="timestamp">February 1st 2026, 12:32:37 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -506,7 +506,7 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>17</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>16</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>56 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2318</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
@@ -1168,7 +1168,7 @@
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
git-lfs@3.6.1-1
git-lfs@3.6.1-1ubuntu0.1
<span class="list-paths__item__arrow"></span>
git@1:2.51.0-1ubuntu1
@@ -1200,85 +1200,6 @@
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2510-GIT-14548189">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Link Following</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow"></span> Dockerfile
</li>
<li class="card__meta__item">
Package Manager: ubuntu:25.10
</li>
<li class="card__meta__item">
Vulnerable module:
git-lfs
</li>
<li class="card__meta__item">Introduced through:
docker-image|quay.io/argoproj/argocd@latest and git-lfs@3.6.1-1
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
git-lfs@3.6.1-1
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git-lfs</code> package and not the <code>git-lfs</code> package as distributed by <code>Ubuntu</code>.</em>
<em>See <code>How to fix?</code> for <code>Ubuntu:25.10</code> relevant fixed versions and status.</em></p>
<p>Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository&#39;s working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links exist which collide with the paths of files tracked by Git LFS. The git lfs checkout and git lfs pull commands do not check for symbolic links before writing to files in the working tree, allowing an attacker to craft a repository containing symbolic or hard links that cause Git LFS to write to arbitrary file system locations accessible to the user running these commands. As well, when the git lfs checkout and git lfs pull commands are run in a bare repository, they could write to files visible outside the repository. The vulnerability is fixed in version 3.7.1. As a workaround, support for symlinks in Git may be disabled by setting the core.symlinks configuration option to false, after which further clones and fetches will not create symbolic links. However, any symbolic or hard links in existing repositories will still provide the opportunity for Git LFS to write to their targets.</p>
<h2 id="remediation">Remediation</h2>
<p>There is no fixed version for <code>Ubuntu:25.10</code> <code>git-lfs</code>.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-26625">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-26625</a></li>
<li><a href="https://github.com/git-lfs/git-lfs/commit/0cffe93176b870055c9dadbb3cc9a4a440e98396">https://github.com/git-lfs/git-lfs/commit/0cffe93176b870055c9dadbb3cc9a4a440e98396</a></li>
<li><a href="https://github.com/git-lfs/git-lfs/commit/5c11ffce9a4f095ff356bc781e2a031abb46c1a8">https://github.com/git-lfs/git-lfs/commit/5c11ffce9a4f095ff356bc781e2a031abb46c1a8</a></li>
<li><a href="https://github.com/git-lfs/git-lfs/commit/d02bd13f02ef76f6807581cd6b34709069cb3615">https://github.com/git-lfs/git-lfs/commit/d02bd13f02ef76f6807581cd6b34709069cb3615</a></li>
<li><a href="https://github.com/git-lfs/git-lfs/releases/tag/v3.7.1">https://github.com/git-lfs/git-lfs/releases/tag/v3.7.1</a></li>
<li><a href="https://github.com/git-lfs/git-lfs/security/advisories/GHSA-6pvw-g552-53c5">https://github.com/git-lfs/git-lfs/security/advisories/GHSA-6pvw-g552-53c5</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-UBUNTU2510-GITLFS-13653090">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Algorithmic Complexity</h2>
@@ -2312,6 +2233,17 @@
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|quay.io/argoproj/argocd@latest
<span class="list-paths__item__arrow"></span>
tzdata@2025b-3ubuntu1.1
<span class="list-paths__item__arrow"></span>
coreutils/gnu-coreutils@9.5-1ubuntu4
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:


@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 25th 2026, 12:38:20 am (UTC+00:00)</p>
<p class="timestamp">February 1st 2026, 12:44:50 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>


@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 25th 2026, 12:38:30 am (UTC+00:00)</p>
<p class="timestamp">February 1st 2026, 12:45:00 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>


@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 25th 2026, 12:36:19 am (UTC+00:00)</p>
<p class="timestamp">February 1st 2026, 12:42:38 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 25th 2026, 12:35:50 am (UTC+00:00)</p>
<p class="timestamp">February 1st 2026, 12:42:09 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>


@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 25th 2026, 12:35:59 am (UTC+00:00)</p>
<p class="timestamp">February 1st 2026, 12:42:20 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>


@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="10 known vulnerabilities found in 20 vulnerable dependency paths.">
<meta name="description" content="11 known vulnerabilities found in 21 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 25th 2026, 12:33:47 am (UTC+00:00)</p>
<p class="timestamp">February 1st 2026, 12:39:58 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -504,8 +504,8 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>10</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>20 vulnerable dependency paths</span></div>
<div class="meta-count"><span>11</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>21 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2105</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
@@ -686,6 +686,84 @@
<p><a href="https://snyk.io/vuln/SNYK-JS-QS-14724253">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Uncaught Exception</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Proof of Concept</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: /argo-cd <span class="list-paths__item__arrow"></span> ui/yarn.lock
</li>
<li class="card__meta__item">
Package Manager: npm
</li>
<li class="card__meta__item">
Vulnerable module:
fast-xml-parser
</li>
<li class="card__meta__item">Introduced through:
argo-cd-ui@1.0.0, redoc@2.4.0 and others
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
argo-cd-ui@1.0.0
<span class="list-paths__item__arrow"></span>
redoc@2.4.0
<span class="list-paths__item__arrow"></span>
openapi-sampler@1.6.1
<span class="list-paths__item__arrow"></span>
fast-xml-parser@4.5.3
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://www.npmjs.org/package/fast-xml-parser">fast-xml-parser</a> is a Validate XML, Parse XML, Build XML without C/C++ based libraries</p>
<p>Affected versions of this package are vulnerable to Uncaught Exception in the numeric entity processing when parsing XML containing out-of-range entity code points. An attacker can cause the application to crash by submitting specially crafted XML input that triggers an uncaught exception.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>fast-xml-parser</code> to version 5.3.4 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/4e387f61c4a5cef792f6a2f42467013290bf95dc">GitHub Commit</a></li>
<li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.4">GitHub Release</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-JS-FASTXMLPARSER-15155603">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Prototype Pollution</h2>

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 25th 2026, 12:33:15 am (UTC+00:00)</p>
<p class="timestamp">February 1st 2026, 12:39:32 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>


@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 25th 2026, 12:33:26 am (UTC+00:00)</p>
<p class="timestamp">February 1st 2026, 12:39:42 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>


@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="9 known vulnerabilities found in 19 vulnerable dependency paths.">
<meta name="description" content="10 known vulnerabilities found in 20 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 25th 2026, 12:31:18 am (UTC+00:00)</p>
<p class="timestamp">February 1st 2026, 12:37:30 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -504,8 +504,8 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>9</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>19 vulnerable dependency paths</span></div>
<div class="meta-count"><span>10</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>20 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2115</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
@@ -608,6 +608,84 @@
<p><a href="https://snyk.io/vuln/SNYK-JS-QS-14724253">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Uncaught Exception</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Proof of Concept</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: /argo-cd <span class="list-paths__item__arrow"></span> ui/yarn.lock
</li>
<li class="card__meta__item">
Package Manager: npm
</li>
<li class="card__meta__item">
Vulnerable module:
fast-xml-parser
</li>
<li class="card__meta__item">Introduced through:
argo-cd-ui@1.0.0, redoc@2.4.0 and others
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
argo-cd-ui@1.0.0
<span class="list-paths__item__arrow"></span>
redoc@2.4.0
<span class="list-paths__item__arrow"></span>
openapi-sampler@1.6.1
<span class="list-paths__item__arrow"></span>
fast-xml-parser@4.5.3
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://www.npmjs.org/package/fast-xml-parser">fast-xml-parser</a> is a Validate XML, Parse XML, Build XML without C/C++ based libraries</p>
<p>Affected versions of this package are vulnerable to Uncaught Exception in the numeric entity processing when parsing XML containing out-of-range entity code points. An attacker can cause the application to crash by submitting specially crafted XML input that triggers an uncaught exception.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>fast-xml-parser</code> to version 5.3.4 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/4e387f61c4a5cef792f6a2f42467013290bf95dc">GitHub Commit</a></li>
<li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.4">GitHub Release</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-JS-FASTXMLPARSER-15155603">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Prototype Pollution</h2>

File diff suppressed because it is too large Load Diff


@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 25th 2026, 12:31:56 am (UTC+00:00)</p>
<p class="timestamp">February 1st 2026, 12:38:11 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>


@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 25th 2026, 12:30:55 am (UTC+00:00)</p>
<p class="timestamp">February 1st 2026, 12:37:05 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>


@@ -456,7 +456,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 25th 2026, 12:31:05 am (UTC+00:00)</p>
<p class="timestamp">February 1st 2026, 12:37:17 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>


@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="7 known vulnerabilities found in 17 vulnerable dependency paths.">
<meta name="description" content="8 known vulnerabilities found in 18 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 25th 2026, 12:28:29 am (UTC+00:00)</p>
<p class="timestamp">February 1st 2026, 12:34:41 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>
@@ -505,8 +505,8 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>7</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>17 vulnerable dependency paths</span></div>
<div class="meta-count"><span>8</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>18 vulnerable dependency paths</span></div>
<div class="meta-count"><span>2868</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
@@ -609,6 +609,84 @@
<p><a href="https://snyk.io/vuln/SNYK-JS-QS-14724253">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Uncaught Exception</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Proof of Concept</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Manifest file: /argo-cd <span class="list-paths__item__arrow"></span> ui/yarn.lock
</li>
<li class="card__meta__item">
Package Manager: npm
</li>
<li class="card__meta__item">
Vulnerable module:
fast-xml-parser
</li>
<li class="card__meta__item">Introduced through:
argo-cd-ui@1.0.0, redoc@2.4.0 and others
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
argo-cd-ui@1.0.0
<span class="list-paths__item__arrow"></span>
redoc@2.4.0
<span class="list-paths__item__arrow"></span>
openapi-sampler@1.6.1
<span class="list-paths__item__arrow"></span>
fast-xml-parser@4.5.3
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="overview">Overview</h2>
<p><a href="https://www.npmjs.org/package/fast-xml-parser">fast-xml-parser</a> is a Validate XML, Parse XML, Build XML without C/C++ based libraries</p>
<p>Affected versions of this package are vulnerable to Uncaught Exception in the numeric entity processing when parsing XML containing out-of-range entity code points. An attacker can cause the application to crash by submitting specially crafted XML input that triggers an uncaught exception.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>fast-xml-parser</code> to version 5.3.4 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/4e387f61c4a5cef792f6a2f42467013290bf95dc">GitHub Commit</a></li>
<li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.4">GitHub Release</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-JS-FASTXMLPARSER-15155603">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Prototype Pollution</h2>

File diff suppressed because it is too large Load Diff


@@ -7,7 +7,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content="2 known vulnerabilities found in 10 vulnerable dependency paths.">
<meta name="description" content="0 known vulnerabilities found in 0 vulnerable dependency paths.">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 25th 2026, 12:28:46 am (UTC+00:00)</p>
<p class="timestamp">February 1st 2026, 12:34:56 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
@@ -502,8 +502,8 @@
</div>
<div class="meta-counts">
<div class="meta-count"><span>2</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>10 vulnerable dependency paths</span></div>
<div class="meta-count"><span>0</span> <span>known vulnerabilities</span></div>
<div class="meta-count"><span>0 vulnerable dependency paths</span></div>
<div class="meta-count"><span>22</span> <span>dependencies</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
@@ -520,241 +520,7 @@
</table>
</section>
<div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2025-46394</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.22
</li>
<li class="card__meta__item">
Vulnerable module:
busybox/busybox
</li>
<li class="card__meta__item">Introduced through:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine and busybox/busybox@1.37.0-r19
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine
<span class="list-paths__item__arrow"></span>
busybox/busybox@1.37.0-r19
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine
<span class="list-paths__item__arrow"></span>
alpine-baselayout/alpine-baselayout@3.7.0-r0
<span class="list-paths__item__arrow"></span>
busybox/busybox-binsh@1.37.0-r19
<span class="list-paths__item__arrow"></span>
busybox/busybox@1.37.0-r19
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine
<span class="list-paths__item__arrow"></span>
busybox/busybox-binsh@1.37.0-r19
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine
<span class="list-paths__item__arrow"></span>
alpine-baselayout/alpine-baselayout@3.7.0-r0
<span class="list-paths__item__arrow"></span>
busybox/busybox-binsh@1.37.0-r19
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r19
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>busybox</code> package and not the <code>busybox</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.22</code> relevant fixed versions and status.</em></p>
<p>In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.22</code> <code>busybox</code> to version 1.37.0-r20 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://bugs.busybox.net/show_bug.cgi?id=16018">https://bugs.busybox.net/show_bug.cgi?id=16018</a></li>
<li><a href="https://www.busybox.net">https://www.busybox.net</a></li>
<li><a href="https://www.busybox.net/downloads/">https://www.busybox.net/downloads/</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2025/04/23/5">http://www.openwall.com/lists/oss-security/2025/04/23/5</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2025/04/24/3">http://www.openwall.com/lists/oss-security/2025/04/24/3</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE322-BUSYBOX-14091698">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">CVE-2024-58251</h2>
<div class="card__section">
<div class="card__labels">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<div class="label label--exploit">
<span class="label__text">Exploit: Not Defined</span>
</div>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Package Manager: alpine:3.22
</li>
<li class="card__meta__item">
Vulnerable module:
busybox/busybox
</li>
<li class="card__meta__item">Introduced through:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine and busybox/busybox@1.37.0-r19
</li>
</ul>
<hr/>
<h3 class="card__section__title">Detailed paths</h3>
<ul class="card__meta__paths">
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine
<span class="list-paths__item__arrow"></span>
busybox/busybox@1.37.0-r19
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine
<span class="list-paths__item__arrow"></span>
alpine-baselayout/alpine-baselayout@3.7.0-r0
<span class="list-paths__item__arrow"></span>
busybox/busybox-binsh@1.37.0-r19
<span class="list-paths__item__arrow"></span>
busybox/busybox@1.37.0-r19
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine
<span class="list-paths__item__arrow"></span>
busybox/busybox-binsh@1.37.0-r19
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine
<span class="list-paths__item__arrow"></span>
alpine-baselayout/alpine-baselayout@3.7.0-r0
<span class="list-paths__item__arrow"></span>
busybox/busybox-binsh@1.37.0-r19
</span>
</li>
<li>
<span class="list-paths__item__introduced"><em>Introduced through</em>:
docker-image|public.ecr.aws/docker/library/redis@8.2.3-alpine
<span class="list-paths__item__arrow"></span>
busybox/ssl_client@1.37.0-r19
</span>
</li>
</ul><!-- .list-paths -->
</div><!-- .card__section -->
<hr/>
<!-- Overview -->
<h2 id="nvd-description">NVD Description</h2>
<p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>busybox</code> package and not the <code>busybox</code> package as distributed by <code>Alpine</code>.</em>
<em>See <code>How to fix?</code> for <code>Alpine:3.22</code> relevant fixed versions and status.</em></p>
<p>In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.</p>
<h2 id="remediation">Remediation</h2>
<p>Upgrade <code>Alpine:3.22</code> <code>busybox</code> to version 1.37.0-r20 or higher.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://bugs.busybox.net/show_bug.cgi?id=15922">https://bugs.busybox.net/show_bug.cgi?id=15922</a></li>
<li><a href="https://www.busybox.net">https://www.busybox.net</a></li>
<li><a href="https://www.busybox.net/downloads/">https://www.busybox.net/downloads/</a></li>
<li><a href="http://www.openwall.com/lists/oss-security/2025/04/23/6">http://www.openwall.com/lists/oss-security/2025/04/23/6</a></li>
</ul>
<hr/>
<div class="cta card__cta">
<p><a href="https://snyk.io/vuln/SNYK-ALPINE322-BUSYBOX-14091701">More about this vulnerability</a></p>
</div>
</div><!-- .card -->
</div><!-- cards -->
No known vulnerabilities detected.
</div>
</main><!-- .layout-stacked__content -->
</body>


@@ -492,7 +492,7 @@
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">January 25th 2026, 12:29:06 am (UTC+00:00)</p>
<p class="timestamp">February 1st 2026, 12:35:24 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following paths:</span>