Description
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths.
Remediation
References
https://updates.snyk.io/snyk-broker-security-fixes-152338
https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612
Related Vulnerabilities
CVE-2023-40312 Vulnerability in maven package org.opennms:opennms-webapp
CVE-2019-10083 Vulnerability in maven package org.apache.nifi:nifi-web
CVE-2023-27987 Vulnerability in maven package org.apache.linkis:linkis-cli-application
CVE-2012-5883 Vulnerability in maven package org.webjars:yui
CVE-2019-12421 Vulnerability in maven package org.apache.nifi:nifi-nar-bundles