x/vulndb: potential Go vuln in github.com/argoproj/argo-workflows/v3: GHSA-h563-xh25-x54q

[GoVulnBot]

In GitHub Security Advisory GHSA-h563-xh25-x54q, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/argoproj/argo-workflows/v3	3.1.6	>= 3.1.0, < 3.1.6

Cross references:

• CVE-2021-37914 appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-workflows/v3: CVE-2021-37914, GHSA-h563-xh25-x54q #928 NOT_IMPORTABLE
• GHSA-h563-xh25-x54q appears in issue x/vulndb: potential Go vuln in github.com/argoproj/argo-workflows/v3: CVE-2021-37914, GHSA-h563-xh25-x54q #928 NOT_IMPORTABLE

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: TODO
    versions:
      - introduced: 3.1.0
        fixed: 3.1.6
    packages:
      - package: github.com/argoproj/argo-workflows/v3
description: |
    ### Impact

    * Allow end-users to set input parameters, but otherwise expect workflows to be secure.

    ### Patches

    Not yet.

    ### Workarounds

    * Set `EXPRESSION_TEMPLATES=false` for the workflow controller


    ### References

    * https://github.com/argoproj/argo-workflows/issues/6441

    ### For more information
    If you have any questions or comments about this advisory:
    * Open an issue in [example link to repo](http://example.com)
    * Email us at [example email address](mailto:example@example.com)
cves:
  - CVE-2021-37914
ghsas:
  - GHSA-h563-xh25-x54q

[tatianab]

Duplicate of #928