x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/v2: GHSA-jwv5-8mqv-g387

[GoVulnBot]

In GitHub Security Advisory GHSA-jwv5-8mqv-g387, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/argoproj/argo-cd/v2	2.8.12	>= 2.0.0, < 2.8.12

Cross references:

• Module github.com/argoproj/argo-cd/v2 appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/v2: GHSA-qq5v-f4c3-395c #869 NOT_IMPORTABLE
• Module github.com/argoproj/argo-cd/v2 appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/v2: GHSA-2q5c-qw9c-fmvq #1670 EFFECTIVELY_PRIVATE
• Module github.com/argoproj/argo-cd/v2 appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/v2: GHSA-xj7v-c82w-92q2 #1952 EFFECTIVELY_PRIVATE
• Module github.com/argoproj/argo-cd/v2 appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd/v2: GHSA-6jqw-jwf5-rp8h #2085 EFFECTIVELY_PRIVATE
• Module github.com/argoproj/argo-cd/v2 appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-cd: CVE-2023-25163 #1548

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/argoproj/argo-cd/v2
      versions:
        - introduced: 2.0.0
          fixed: 2.8.12
      vulnerable_at: 2.8.11
      packages:
        - package: github.com/argoproj/argo-cd/v2
    - module: github.com/argoproj/argo-cd/v2
      versions:
        - introduced: 2.10.0
          fixed: 2.10.3
      vulnerable_at: 2.10.2
      packages:
        - package: github.com/argoproj/argo-cd/v2
    - module: github.com/argoproj/argo-cd/v2
      versions:
        - introduced: 2.9.0
          fixed: 2.9.8
      vulnerable_at: 2.9.7
      packages:
        - package: github.com/argoproj/argo-cd/v2
    - module: github.com/argoproj/argo-cd/v2
      versions:
        - introduced: TODO (earliest fixed "", vuln range ">= 1.0.0, < 1.8.7")
      packages:
        - package: github.com/argoproj/argo-cd
summary: Cross-site scripting on application summary component
cves:
    - CVE-2024-28175
ghsas:
    - GHSA-jwv5-8mqv-g387
references:
    - advisory: https://github.com/argoproj/argo-cd/security/advisories/GHSA-jwv5-8mqv-g387
    - web: https://nvd.nist.gov/vuln/detail/CVE-2024-28175
    - fix: https://github.com/argoproj/argo-cd/commit/479b5544b57dc9ef767d49f7003f39602c480b71
    - advisory: https://github.com/advisories/GHSA-jwv5-8mqv-g387

[gopherbot]

Change https://go.dev/cl/573555 mentions this issue: data/reports: add GO-2024-2646.yaml