apk package
chainguard/argo-workflow-executor-3.6-compat-fips
pkg:apk/chainguard/argo-workflow-executor-3.6-compat-fips
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-68156 | — | < 3.6.15-r1 | 3.6.15-r1 | Dec 16, 2025 | Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursi | ||
| CVE-2025-62157 | — | < 3.6.12-r0 | 3.6.12-r0 | Oct 14, 2025 | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attack | ||
| CVE-2025-62156 | — | < 3.6.12-r0 | 3.6.12-r0 | Oct 14, 2025 | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack | ||
| CVE-2025-8556 | Low | 3.7 | < 3.6.11-r1 | 3.6.11-r1 | Aug 6, 2025 | A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange. |
- CVE-2025-68156Dec 16, 2025affected < 3.6.15-r1fixed 3.6.15-r1
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursi
- CVE-2025-62157Oct 14, 2025affected < 3.6.12-r0fixed 3.6.12-r0
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attack
- CVE-2025-62156Oct 14, 2025affected < 3.6.12-r0fixed 3.6.12-r0
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack
- affected < 3.6.11-r1fixed 3.6.11-r1
A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.