Description
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
Remediation
References
https://updates.snyk.io/snyk-broker-security-fixes-152338
https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609
Related Vulnerabilities
CVE-2016-6651 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-server
CVE-2019-17638 Vulnerability in maven package org.eclipse.jetty:jetty-server
CVE-2019-10247 Vulnerability in maven package org.eclipse.jetty:jetty-server
CVE-2019-10080 Vulnerability in maven package org.apache.nifi:nifi-security-utils
CVE-2023-41080 Vulnerability in maven package org.apache.tomcat:tomcat