GO-2024-2654
- Source
- https://pkg.go.dev/vuln/GO-2024-2654
- Import Source
- https://vuln.go.dev/ID/GO-2024-2654.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GO-2024-2654
- Aliases
- Published
- 2024-03-22T18:44:48Z
- Modified
- 2024-05-20T16:03:47Z
- Summary
- Denial of service in github.com/argoproj/argo-cd/v2
- Details
-
Application may crash due to concurrent writes, leading to a denial of service. An attacker can crash the application continuously, making it impossible for legitimate users to access the service. Authentication is not required in the attack.
- Database specific
{ "url": "https://pkg.go.dev/vuln/GO-2024-2654", "review_status": "REVIEWED" }- References
-
- https://github.com/argoproj/argo-cd/commit/2a22e19e06aaf6a1e734443043310a66c234e345
- https://github.com/argoproj/argo-cd/commit/5bbb51ab423f273dda74ab956469843d2db2e208
- https://github.com/argoproj/argo-cd/commit/ce04dc5c6f6e92033221ec6d96b74403b065ca8b
- https://github.com/argoproj/argo-cd/blob/54601c8fd30b86a4c4b7eb449956264372c8bde0/util/session/sessionmanager.go#L302-L311
- Credits
-
-
- @nadava669
-
- @todaywasawesome
-
- @crenshaw-dev
-
- @jannfis
-
- @pasha-codefresh
-
Affected packages
Go / github.com/argoproj/argo-cd/v2
Package
- Name
- github.com/argoproj/argo-cd/v2
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/argoproj/argo-cd/v2
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.8.13Introduced2.9.0Fixed2.9.9Introduced2.10.0Fixed2.10.4
Ecosystem specific
{
"imports": [
{
"path": "github.com/argoproj/argo-cd/v2/server/application",
"symbols": [
"NewHandler",
"newTerminalSession"
]
},
{
"path": "github.com/argoproj/argo-cd/v2/util/session",
"symbols": [
"SessionManager.VerifyUsernamePassword",
"SessionManager.getFailureCount",
"SessionManager.updateFailureCount",
"expireOldFailedAttempts"
]
}
]
}