CVE-2020-7649

Опубликовано: 25 июл. 2022

Источник: nvd

CVSS3: 4.9

EPSS Низкий

Описание

This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal.

Ссылки

https://github.com/snyk/broker/commit/90e0bac07a800b7c4c6646097c9c89d6b878b429
Patch
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-SNYKBROKER-570608
Exploit
Vendor Advisory
https://updates.snyk.io/snyk-broker-security-fixes-152338
Vendor Advisory
https://github.com/snyk/broker/commit/90e0bac07a800b7c4c6646097c9c89d6b878b429
Patch
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-SNYKBROKER-570608
Exploit
Vendor Advisory
https://updates.snyk.io/snyk-broker-security-fixes-152338
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:snyk:broker:*:*:*:*:*:node.js:*:*

Версия до 4.73.0 (исключая)

EPSS

Процентиль: 68%

0.00566

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-gq75-5gc3-rfwg