Description
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths.
Remediation
References
https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612
https://updates.snyk.io/snyk-broker-security-fixes-152338