Unknown · Argo Workflows · CVE-2026-42294
**Name of the Vulnerable Software and Affected Versions**
Argo Workflows versions prior to 3.7.14
Argo Workflows versions prior to 4.0.5
**Description**
The Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the `/api/v1/events/` endpoint, which is publicly accessible. An attacker can send a request with an extremely large body, causing the Argo Server to allocate excessive memory, which may lead to an Out-Of-Memory (OOM) crash and denial of service. This issue is located in the `addWebhookAuthorization()` function within the `server/auth/webhook` component.
**Recommendations**
Update to version 3.7.14 or later.
Update to version 4.0.5 or later.
Enforce a strict limit on webhook body size using `http.MaxBytesReader`.
Implement streaming verification for signatures or use temporary files for large payloads.
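
The body-size limit recommended above, sketched as Go middleware that caps the body before it is read and only then verifies a signature. This is an added example, not Argo Workflows code; the 1 MiB cap, the `X-Signature` header, the HMAC-SHA256 scheme and all function names are assumptions.

```go
package main
import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

const maxWebhookBody = 1 << 20 // assumed cap (1 MiB), not a project value
// limitAndVerify caps the body BEFORE reading it, then checks an HMAC-SHA256
// signature. Header name and hex encoding are assumptions for this example.
func limitAndVerify(secret []byte, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		r.Body = http.MaxBytesReader(w, r.Body, maxWebhookBody)
		body, err := io.ReadAll(r.Body) // memory use is bounded by the cap
		if err != nil {                 // typically *http.MaxBytesError: cap exceeded
			http.Error(w, "payload rejected", http.StatusRequestEntityTooLarge)
			return
		}
		if got, _ := hex.DecodeString(r.Header.Get("X-Signature")); !hmac.Equal(got, sign(secret, body)) {
			http.Error(w, "invalid signature", http.StatusUnauthorized)
			return
		}
		r.Body = io.NopCloser(bytes.NewReader(body)) // replay the verified bytes
		next.ServeHTTP(w, r)
	})
}

func sign(secret, body []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(body)
	return m.Sum(nil)
}

// status runs a constructed n-byte body, signed with key, through the middleware.
func status(n int, key string) int {
	body := bytes.Repeat([]byte("a"), n)
	req := httptest.NewRequest(http.MethodPost, "/api/v1/events/", bytes.NewReader(body))
	req.Header.Set("X-Signature", hex.EncodeToString(sign([]byte(key), body)))
	rec := httptest.NewRecorder()
	limitAndVerify([]byte("constructed-secret"), http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(rec, req)
	return rec.Code
}

func main() { fmt.Println(status(512, "constructed-secret"), status(512, "wrong-key"), status(maxWebhookBody+1, "constructed-secret")) }
```

Because the cap is applied to the reader itself, an oversized request is cut off at the limit regardless of what its `Content-Length` header claims.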