x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-6v85-wr92-q4p7

[GoVulnBot]

In GitHub Security Advisory GHSA-6v85-wr92-q4p7, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/argoproj/argo-cd	2.10.4	>= 2.10.0, < 2.10.4

Cross references:

• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-24348 #304 EFFECTIVELY_PRIVATE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-24730 #357 EFFECTIVELY_PRIVATE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-24731 #358 EFFECTIVELY_PRIVATE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-24768 #359 EFFECTIVELY_PRIVATE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-6w87-g839-9wv7 #387 EFFECTIVELY_PRIVATE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-24904 #453 EFFECTIVELY_PRIVATE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-24905 #454 EFFECTIVELY_PRIVATE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-29165 #455 EFFECTIVELY_PRIVATE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-31016 #495 EFFECTIVELY_PRIVATE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-31034 #497 EFFECTIVELY_PRIVATE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-31035 #498 EFFECTIVELY_PRIVATE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-31036 #499 EFFECTIVELY_PRIVATE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-1025 #516 EFFECTIVELY_PRIVATE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-31102 #517 EFFECTIVELY_PRIVATE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2022-31105 #518 EFFECTIVELY_PRIVATE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/util/session: GHSA-vj54-cjrx-x696 #882 NOT_IMPORTABLE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/util/cache: GHSA-xcqr-9h24-vrgw #892 NOT_IMPORTABLE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-6p4m-hw2h-6gmw #1512 NOT_IMPORTABLE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-q9hr-j4rf-8fjc #1520 NOT_IMPORTABLE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2023-23947 #1577 EFFECTIVELY_PRIVATE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/v2: GHSA-2q5c-qw9c-fmvq #1670 EFFECTIVELY_PRIVATE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: GHSA-c8xw-vjgf-94hr #2018 EFFECTIVELY_PRIVATE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2023-40029 #2049 NOT_IMPORTABLE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2023-40584 #2050 EFFECTIVELY_PRIVATE
• Module github.com/argoproj/argo-cd appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2024-22424 #2470 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/argoproj/argo-cd
      versions:
        - introduced: 2.10.0
          fixed: 2.10.4
      packages:
        - package: github.com/argoproj/argo-cd
    - module: github.com/argoproj/argo-cd
      versions:
        - introduced: 2.9.0
          fixed: 2.9.9
      packages:
        - package: github.com/argoproj/argo-cd
    - module: github.com/argoproj/argo-cd
      versions:
        - fixed: 2.8.13
      packages:
        - package: github.com/argoproj/argo-cd
summary: |-
    Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in
    Multi-threaded Environment
cves:
    - CVE-2024-21661
ghsas:
    - GHSA-6v85-wr92-q4p7
references:
    - advisory: https://github.com/argoproj/argo-cd/security/advisories/GHSA-6v85-wr92-q4p7
    - advisory: https://github.com/advisories/GHSA-6v85-wr92-q4p7

[gopherbot]

Change https://go.dev/cl/573496 mentions this issue: data/reports: add GO-2024-2654.yaml