Description
All versions of snyk-broker after 4.72.0, up to and including 4.73.1, are vulnerable to Arbitrary File Read. The vulnerability allows users with access to Snyk's internal network to read arbitrary files ending in any of the following extensions: yaml, yml or json.
Remediation
References
https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609
https://updates.snyk.io/snyk-broker-security-fixes-152338