Vulnerability on argoproj-labs project

[ankitdn]

While working with the argoproj-lab project, this vulnerability was identified in the use of Argo CD (this dependency used by argoproj-lab). The vulnerability stems from inadequate filtering of user-inputted URLs, allowing the injection of malicious javascript: protocol handlers. This issue affects users who can edit repository configurations within Argo CD.

CVE Link
CVE Report

[chengfang]

@ankitdn thanks for reporting this issue. This CVE has been fixed in #1144 in master branch. If anything is needed, feel free to add comments here.