CVE-2021-37914

Medium | 6.5
No Exploit

Plain English Summary

An attacker can disrupt workflows in Argo Workflows if they are allowed to input parameters while the EXPRESSION_TEMPLATES feature is enabled. This vulnerability occurs when untrusted users can influence the output of expression templates, potentially leading to unexpected behavior in the workflow.

Technical Description

In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow because expression template output is evaluated.

CVSS Vector Analysis

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: Low
Scope: Unchanged

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Est. Bounty: $931 ($500-$1K)
Vendor Response: Grade F, patched in 1655 days

Quick Information

Published: Aug 3, 2021 (over 4 years ago)
Last Modified: Feb 13, 2026 (7 days ago)
Vendor: argoproj
Product: argo workflows