Unknown · Argo Workflows · CVE-2025-66626
**Name of the Vulnerable Software and Affected Versions**
Argo Workflows versions 3.6.13 and below
Argo Workflows versions 3.7.0 through 3.7.4
**Description**
Argo Workflows, a container-native workflow engine for Kubernetes, contains unsafe untar code that mishandles symbolic links inside archives: the way a link's target is calculated and checked is flawed. This allows an attacker to overwrite the file `/var/run/argo/argoexec` with a malicious script, which is then executed when the pod starts. The previously deployed patch is ineffective against archives containing malicious symbolic links.
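The root cause named above, a symlink target that is calculated and checked against the wrong base, generalises to a short set of rules any archive extractor has to follow. The Go program below is an added example written for this page, not Argo Workflows' own untar code; `SafeUntar`, `containedPath`, `prepareTarget` and `ErrEscapes` are names chosen here, and the archive it builds is constructed sample data. It applies two independent controls: a lexical check that a relative link target, joined onto the link's own directory rather than onto the destination, stays inside the destination; and, before every directory creation, file write or link creation, a filesystem-level check that the deepest already-existing ancestor of the path resolves (symlinks followed) inside the destination and that the path itself is not an existing symlink. The second control is what catches an archive that first plants an innocent-looking link and then writes a file through it, which is the shape of the `argoexec` overwrite the advisory describes, and it also covers chains of links that pass the lexical check individually.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

var ErrEscapes = errors.New("archive entry escapes destination") // any path that would land outside dest
// isWithin reports whether p equals base or lies beneath it (both cleaned and in the same form).
func isWithin(base, p string) bool {
	rel, err := filepath.Rel(base, p)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}
// containedPath joins name onto dest and rejects the result if it escapes dest lexically.
func containedPath(dest, name string) (string, error) {
	if p := filepath.Join(dest, name); isWithin(dest, p) { // Join also cleans "." and ".." components
		return p, nil
	}
	return "", fmt.Errorf("%w: %q", ErrEscapes, name)
}
// prepareTarget refuses target unless its deepest already-existing ancestor resolves (symlinks followed) inside
// realDest and target itself is not a symlink: a "../" name or a link planted by an earlier entry fails here.
func prepareTarget(realDest, target string) error {
	existing := target
	for _, err := os.Lstat(existing); err != nil; _, err = os.Lstat(existing) {
		existing = filepath.Dir(existing)
	}
	resolved, err := filepath.EvalSymlinks(existing)
	if err != nil {
		return err
	}
	if !isWithin(realDest, resolved) {
		return fmt.Errorf("%w: %q resolves to %q", ErrEscapes, existing, resolved)
	}
	if fi, err := os.Lstat(target); err == nil && fi.Mode()&os.ModeSymlink != 0 {
		return fmt.Errorf("%w: %q is already a symlink", ErrEscapes, target)
	}
	return os.MkdirAll(filepath.Dir(target), 0o755)
}

// SafeUntar extracts r into dest, accepting only directories, regular files (0644) and symlinks that stay inside dest.
func SafeUntar(r io.Reader, dest string) error {
	absDest, _ := filepath.Abs(dest)
	realDest, err := filepath.EvalSymlinks(absDest) // dest itself may sit behind a symlink
	if err != nil {
		return err
	}
	tr := tar.NewReader(r)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return nil
		} else if err != nil {
			return err
		}
		target := filepath.Join(realDest, hdr.Name) // cleaned; an escaping name is caught by prepareTarget
		if err := prepareTarget(realDest, target); err != nil {
			return fmt.Errorf("entry %q: %w", hdr.Name, err)
		}
		switch hdr.Typeflag {
		case tar.TypeDir:
			err = os.MkdirAll(target, 0o755)
		case tar.TypeReg:
			var data []byte
			if data, err = io.ReadAll(tr); err == nil {
				err = os.WriteFile(target, data, 0o644)
			}
		case tar.TypeSymlink:
			// A relative link target resolves from the link's own directory, not from dest; the wrong base lets "../.." through.
			joined := filepath.Join(filepath.Dir(hdr.Name), hdr.Linkname)
			if filepath.IsAbs(hdr.Linkname) {
				err = fmt.Errorf("%w: absolute link target %q", ErrEscapes, hdr.Linkname)
			} else if _, err = containedPath(realDest, joined); err == nil {
				err = os.Symlink(hdr.Linkname, target)
			}
		default: // hard links, devices and anything else are rejected rather than silently skipped
			err = fmt.Errorf("unsupported entry type %q", hdr.Typeflag)
		}
		if err != nil {
			return fmt.Errorf("entry %q: %w", hdr.Name, err)
		}
	}
}

func main() {
	// Constructed sample, not a real workflow artifact: one link whose target escapes dest.
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	tw.WriteHeader(&tar.Header{Name: "bin/exec", Typeflag: tar.TypeSymlink, Linkname: "../../../outside/exec"})
	tw.Close()
	dir, _ := os.MkdirTemp("", "safe-untar")
	fmt.Println(SafeUntar(&buf, dir)) // reports ErrEscapes for the link entry
}
```

Modes from the archive are deliberately ignored, and `prepareTarget` runs for every entry type, including directory entries, because `MkdirAll` through a planted link would otherwise create directories outside the destination before any file is written. The lexical check in `containedPath` remains useful as an early, cheap rejection, but the resolved-path check is the one that must never be skipped.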
**Recommendations**
Update to Argo Workflows version 3.6.14 or later.
Update to Argo Workflows version 3.7.5 or later.