VYPR
Moderate severityNVD Advisory· Published Oct 28, 2024· Updated Apr 4, 2025

Argo Workflows Controller: Denial of Service via malicious daemon Workflows

CVE-2024-47827

Description

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with access to execute a workflow. This vulnerability is fixed in 3.6.0-rc2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/argoproj/argo-workflows/v3Go
>= 3.6.0-rc1, < 3.6.0-rc23.6.0-rc2

Affected products

9

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.