Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
{ "url": "https://pkg.go.dev/vuln/GO-2022-0499", "review_status": "UNREVIEWED" }