Description

All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API.

Remediation

References

https://updates.snyk.io/snyk-broker-security-fixes-152338

https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610

Related Vulnerabilities

CVE-2023-50730 Vulnerability in maven package org.typelevel:grackle-core_3

CVE-2022-43405 Vulnerability in maven package io.jenkins.plugins:pipeline-groovy-lib

CVE-2018-3821 Vulnerability in npm package kibana

CVE-2020-6427 Vulnerability in maven package org.webjars.npm:electron

CVE-2022-34169 Vulnerability in maven package xalan:xalan

Severity

Medium

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory Patch