Affected by GO-2026-4350 and 2 other vulnerabilities

GO-2026-4350: Argo Workflows affected by stored XSS in the artifact directory listing in github.com/argoproj/argo-workflows

GO-2026-4678: Unauthorized access to Argo Workflows Template in github.com/argoproj/argo-workflows

GO-2026-4681: Argo Workflows: WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode in github.com/argoproj/argo-workflows

The highest tagged major version is v4.

spec

package

v3.7.6 Latest Latest Go to latest Published: Dec 9, 2025 License: Apache-2.0 Imports: 3 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/argoproj/argo-workflows

Links

Open Source Insights

Documentation ¶

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Plugin ¶

type Plugin struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata"`
	Spec              PluginSpec `json:"spec"`
}

func (Plugin) Validate ¶

func (p Plugin) Validate() error

type PluginSpec ¶

type PluginSpec struct {
	Sidecar Sidecar `json:"sidecar"`
}

type Sidecar ¶

type Sidecar struct {
	// AutomountServiceAccount mounts the service account's token. The service account must have the same name as the plugin.
	AutomountServiceAccountToken bool            `json:"automountServiceAccountToken,omitempty"`
	Container                    apiv1.Container `json:"container"`
}

func (Sidecar) Validate ¶

func (s Sidecar) Validate() error

Source Files ¶

View all Source files

plugin_types.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL