x/vulndb: potential Go vuln in github.com/argoproj/argo-workflows/v3: GHSA-6c73-2v8x-qpvm

[GoVulnBot]

In GitHub Security Advisory GHSA-6c73-2v8x-qpvm, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/argoproj/argo-workflows/v3	3.1.6	>= 3.1.0, < 3.1.6

See doc/triage.md for instructions on how to triage this report.

package: github.com/argoproj/argo-workflows/v3
additional_packages:
  - package: github.com/argoproj/argo-workflows/v3
    versions:
      - introduced: v3.0.0
        fixed: v3.0.9
versions:
  - introduced: v3.1.0
    fixed: v3.1.6
description: "### Impact\n\nWe are not aware of any exploits. This is a pro-active
    fix.\n\nImpacted: \n\n* You are running Argo Server < v3.0 with `--secure=true`
    or >= v3.0 with `--secure` unspecified (note - running in secure mode is recommended
    regardless).\n* The attacker is within your network. If you expose Argo Server
    to the Internet then \"your network\" is \"the Internet\". \n\nThe Argo Server's
    keys are packaged within the image. They could be extracted and used to decrypt
    traffic, or forge requests.\n\n### Patches\n\nhttps://github.com/argoproj/argo-workflows/pull/6540\n\n###
    Workarounds\n\n* Make sure that your Argo Server service or pod are not directly
    accessible outside of your cluster. Put TLS load balancer in front of it.\n\nThis
    was identified by engineers at Jetstack.io"
published: 2021-08-23T19:41:30Z
last_modified: 2021-08-23T19:41:30Z
ghsas:
  - GHSA-6c73-2v8x-qpvm

[neild]

Vulnerability in tool.

[gopherbot]

Change https://go.dev/cl/592767 mentions this issue: data/reports: unexclude 50 reports

[gopherbot]

Change https://go.dev/cl/607217 mentions this issue: data/reports: unexclude 20 reports (15)