CVE-2020-7649

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in npm/snyk-broker

Identifiers

GHSA-gq75-5gc3-rfwg, CVE-2020-7649

Package Slug

npm/snyk-broker

Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal.

Affected Versions

All versions before 4.73.0

Solution

Upgrade to version 4.73.0 or above.

Last Modified

2022-08-09

source