Affected by GO-2023-1577
and 7 other vulnerabilities
GO-2023-1577 : Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
GO-2023-1670 : Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd
GO-2023-2049 : Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd
GO-2024-2646 : Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
GO-2024-2792 : Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2877 : ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
GO-2024-2898 : Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
GO-2024-3002 : Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
Discover Packages
github.com/argoproj/argo-cd/v2
util
security
package
Version:
v2.3.14
Opens a new window with list of versions in this module.
Published: Jan 25, 2023
License: Apache-2.0
Opens a new window with license information.
Imports: 5
Opens a new window with list of imports.
Imported by: 7
Opens a new window with list of known importers.
Documentation
Documentation
¶
Ensure that `requestedPath` is on the same directory or any subdirectory of `currentRoot`. Both `currentRoot` and
`requestedPath` must be absolute paths. They may contain any number of `./` or `/../` dir changes.
UnverifiedHasAudClaim returns whether the "aud" claim is present in the given JWT.
This function DOES NOT VERIFY THE TOKEN. You still have to verify the token to confirm that the token holder has not
altered the "aud" claim.
Source Files
¶
Click to show internal directories.
Click to hide internal directories.