Description
The glance Node.js module before 3.0.4 suffers from a path traversal vulnerability: it does not validate the path passed to it, which allows a malicious user to read the content of any file whose path is known.
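The validation whose absence is described above, written as an added example (it is not glance's code and not the change in the referenced commit): a hypothetical `resolveInsideRoot` helper resolves a request path against the served directory and rejects anything that lands outside it. The `/srv/www` root and the sample requests are constructed.

```javascript
// Added example: containment check for a static file server (not glance's code).
const path = require('node:path');

// Hypothetical helper: map a request URL path onto a file under `root`,
// returning null when the result would fall outside `root`.
function resolveInsideRoot(root, urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath);   // "%2e%2e%2f" becomes "../"
  } catch {
    return null;                             // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null;   // reject embedded NUL bytes

  const base = path.resolve(root);
  // Prefix with "." so an absolute-looking request path stays relative to
  // base, then let resolve() collapse every "." and ".." segment.
  const target = path.resolve(base, '.' + path.sep + decoded);

  // path.relative() gives the route from base to target. If it climbs out
  // ("..") or is absolute (another drive on Windows), the target escaped.
  const rel = path.relative(base, target);
  if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    return null;
  }
  return target;
}

// Constructed sample requests against a constructed root directory.
const SAMPLE_ROOT = '/srv/www';
const SAMPLE_REQUESTS = [
  '/index.html',                 // ordinary file
  '/css/../index.html',          // ".." that stays inside the root
  '/../../etc/passwd',           // plain traversal
  '/%2e%2e/%2e%2e/etc/passwd',   // percent-encoded traversal
  '/%zz',                        // malformed encoding
];

for (const req of SAMPLE_REQUESTS) {
  const resolved = resolveInsideRoot(SAMPLE_ROOT, req);
  console.log(req, '->', resolved === null ? 'REJECTED' : resolved);
}
```

The check is lexical only: a server that must also reject symlinks pointing outside the root would compare `fs.realpathSync` results for the root and the target in the same way.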
Remediation
References
https://hackerone.com/reports/310106
https://github.com/jarofghosts/glance/commit/8cfd88e44ebd3f07e3a2eaf376a3e758b6c4ca19