Description
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths.
Remediation
References
https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612
https://updates.snyk.io/snyk-broker-security-fixes-152338
Related Vulnerabilities
CVE-2011-0013 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2020-13949 Vulnerability in maven package org.apache.thrift:libthrift
CVE-2022-35924 Vulnerability in npm package next-auth
CVE-2022-25206 Vulnerability in maven package org.jenkins-ci.plugins:dbcharts
CVE-2023-44487 Vulnerability in maven package org.eclipse.jetty.http2:http2-common