GHSA-x7m2-6g99-84w5

Опубликовано: 03 июн. 2020

Источник: github

Github: Прошло ревью

CVSS3: 6.5

Описание

Arbitrary File Read in Snyk Broker

All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2020-7652
https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570611
https://updates.snyk.io/snyk-broker-security-fixes-152338

Пакеты

Наименование

snyk-broker

npm

Затронутые версииВерсия исправления

< 4.80.0

4.80.0

EPSS

Процентиль: 61%

0.00406

Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2020-7652

Дефекты

CWE-22

Связанные уязвимости

CVE-2020-7652

CVSS3: 6.5

nvd

больше 5 лет назад

All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal.

EPSS

Процентиль: 61%

0.00406

Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2020-7652

Дефекты

CWE-22