Description
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths.
Remediation
References
https://updates.snyk.io/snyk-broker-security-fixes-152338
https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612
Related Vulnerabilities
CVE-2007-1358 Vulnerability in maven package tomcat:tomcat-http11
CVE-2020-2231 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2012-6662 Vulnerability in maven package org.fujion.webjars:jquery-ui
CVE-2022-34176 Vulnerability in maven package org.jenkins-ci.plugins:junit
CVE-2018-1322 Vulnerability in maven package org.apache.syncope:syncope-core