Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1ncTc1LTVnYzMtcmZ3Z84AAto_
snyk-broker Path Traversal before v4.73.0
This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal.
Permalink: https://github.com/advisories/GHSA-gq75-5gc3-rfwgJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ncTc1LTVnYzMtcmZ3Z84AAto_
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago
CVSS Score: 4.9
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS Percentage: 0.00137
EPSS Percentile: 0.49576
Identifiers: GHSA-gq75-5gc3-rfwg, CVE-2020-7649
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-7649
- https://github.com/snyk/broker/commit/90e0bac07a800b7c4c6646097c9c89d6b878b429
- https://security.snyk.io/vuln/SNYK-JS-SNYKBROKER-570608
- https://updates.snyk.io/snyk-broker-security-fixes-152338
- https://github.com/snyk/broker/releases/tag/v4.73.0
- https://github.com/advisories/GHSA-gq75-5gc3-rfwg
Blast Radius: 1.5
Affected Packages
npm:snyk-broker
Dependent packages: 0Dependent repositories: 2
Downloads: 2,241 last month
Affected Version Ranges: < 4.73.0
Fixed in: 4.73.0
All affected versions: 1.0.0, 1.1.0, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.4.0, 2.4.1, 2.5.0, 2.6.0, 2.6.1, 2.7.0, 2.8.0, 3.0.0, 3.0.1, 3.1.0, 3.1.1, 3.1.2, 3.2.0, 3.3.0, 3.3.1, 3.3.2, 3.4.0, 3.5.0, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, 3.9.0, 3.9.1, 3.10.0, 3.10.1, 3.10.2, 3.11.0, 3.11.1, 4.2.0, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.6.0, 4.7.0, 4.8.0, 4.9.0, 4.9.1, 4.10.0, 4.10.1, 4.10.2, 4.11.0, 4.11.1, 4.12.0, 4.13.0, 4.13.1, 4.14.0, 4.14.1, 4.14.2, 4.15.0, 4.15.1, 4.15.2, 4.16.0, 4.16.1, 4.16.2, 4.16.3, 4.17.0, 4.18.0, 4.18.1, 4.18.2, 4.18.3, 4.18.4, 4.19.0, 4.19.1, 4.20.0, 4.21.0, 4.21.1, 4.22.0, 4.23.0, 4.24.0, 4.24.1, 4.25.0, 4.26.0, 4.26.1, 4.26.2, 4.27.0, 4.28.0, 4.28.1, 4.28.2, 4.28.3, 4.28.4, 4.29.0, 4.30.0, 4.30.1, 4.30.2, 4.30.3, 4.31.0, 4.31.1, 4.31.2, 4.32.0, 4.33.0, 4.33.1, 4.34.0, 4.34.1, 4.35.0, 4.35.1, 4.36.0, 4.37.0, 4.38.0, 4.38.1, 4.39.0, 4.40.0, 4.41.0, 4.41.1, 4.42.0, 4.43.0, 4.44.0, 4.45.0, 4.45.1, 4.46.0, 4.47.0, 4.47.1, 4.48.0, 4.48.1, 4.48.2, 4.48.3, 4.48.4, 4.49.0, 4.49.1, 4.49.2, 4.49.3, 4.49.4, 4.50.0, 4.51.0, 4.51.1, 4.52.0, 4.53.0, 4.54.0, 4.55.0, 4.55.1, 4.56.0, 4.57.0, 4.58.0, 4.59.0, 4.59.1, 4.60.0, 4.61.0, 4.62.0, 4.62.1, 4.63.0, 4.64.0, 4.65.0, 4.66.0, 4.66.1, 4.67.0, 4.68.0, 4.68.1, 4.68.2, 4.68.3, 4.69.0, 4.69.1, 4.69.2, 4.69.3, 4.69.4, 4.69.5, 4.70.0, 4.71.0, 4.72.0, 4.72.1, 4.72.2
All unaffected versions: 4.73.0, 4.73.1, 4.74.0, 4.75.0, 4.75.1, 4.75.2, 4.76.0, 4.77.0, 4.78.0, 4.79.0, 4.79.1, 4.80.0, 4.81.0, 4.82.0, 4.82.1, 4.83.0, 4.84.0, 4.85.0, 4.85.1, 4.86.0, 4.87.0, 4.87.1, 4.88.0, 4.89.0, 4.89.1, 4.90.0, 4.90.1, 4.90.2, 4.91.0, 4.91.1, 4.92.0, 4.92.1, 4.93.0, 4.94.0, 4.94.1, 4.94.2, 4.95.0, 4.96.0, 4.96.1, 4.97.0, 4.97.1, 4.97.2, 4.98.0, 4.99.0, 4.100.0, 4.100.1, 4.100.2, 4.100.3, 4.100.4, 4.100.5, 4.101.0, 4.102.0, 4.102.1, 4.103.0, 4.104.0, 4.104.1, 4.105.0, 4.106.0, 4.107.0, 4.108.0, 4.109.0, 4.109.1, 4.109.2, 4.110.0, 4.110.1, 4.110.2, 4.111.0, 4.112.0, 4.112.1, 4.113.0, 4.113.1, 4.113.2, 4.113.3, 4.114.0, 4.114.1, 4.115.0, 4.115.1, 4.115.2, 4.115.3, 4.116.0, 4.116.1, 4.116.2, 4.117.0, 4.117.1, 4.118.0, 4.118.1, 4.118.2, 4.119.0, 4.120.0, 4.121.0, 4.121.1, 4.121.2, 4.121.3, 4.122.0, 4.123.0, 4.124.0, 4.124.1, 4.125.0, 4.126.0, 4.126.1, 4.126.2, 4.127.0, 4.127.1, 4.128.0, 4.129.0, 4.129.1, 4.129.2, 4.130.0, 4.131.0, 4.132.0, 4.132.1, 4.133.0, 4.134.0, 4.135.0, 4.136.0, 4.137.0, 4.137.1, 4.137.2, 4.137.3, 4.137.4, 4.137.5, 4.137.6, 4.137.7, 4.137.8, 4.137.9, 4.137.10, 4.138.0, 4.138.1, 4.138.2, 4.138.3, 4.138.4, 4.139.0, 4.140.0, 4.140.1, 4.141.0, 4.141.1, 4.141.2, 4.141.3, 4.141.4, 4.141.5, 4.141.6, 4.141.7, 4.141.8, 4.141.9, 4.141.10, 4.141.11, 4.141.12, 4.141.13, 4.142.0, 4.142.1, 4.142.2, 4.143.0, 4.143.1, 4.143.2, 4.143.3, 4.143.4, 4.144.0, 4.144.1, 4.145.0, 4.145.1, 4.146.0, 4.146.1, 4.146.2, 4.147.0, 4.148.0, 4.149.0, 4.150.0, 4.150.1, 4.151.0, 4.152.0, 4.153.0, 4.153.1, 4.154.0, 4.154.1, 4.154.2, 4.155.0, 4.156.0, 4.156.1, 4.157.0, 4.157.1, 4.157.2, 4.157.3, 4.157.4, 4.157.5, 4.158.0, 4.158.1, 4.159.0, 4.160.0, 4.160.1, 4.160.2, 4.160.3, 4.161.0, 4.161.1, 4.161.2, 4.161.3, 4.161.4, 4.161.5, 4.162.0, 4.162.1, 4.163.0, 4.164.0, 4.164.1, 4.164.2, 4.165.0, 4.165.1, 4.165.2, 4.165.3, 4.165.4, 4.165.5, 4.165.6, 4.165.7, 4.165.8, 4.166.0, 4.166.1, 4.166.2, 4.166.3, 4.167.0, 4.168.0, 4.168.1, 4.168.2, 4.168.3, 4.168.4, 4.168.5, 4.169.0, 4.169.1, 4.169.2, 4.169.3, 4.170.0, 4.170.1, 4.170.2, 4.171.0, 4.171.1, 4.171.2, 4.171.3, 4.171.4, 4.171.5, 4.171.6, 4.171.7, 4.171.8, 4.171.9, 4.171.10, 4.172.0, 4.172.1, 4.172.2, 4.172.3, 4.172.4, 4.172.5, 4.172.6, 4.173.0, 4.173.1, 4.173.2, 4.173.3, 4.174.0, 4.174.1, 4.175.0, 4.176.0, 4.176.1, 4.176.2, 4.176.3, 4.176.4, 4.176.5, 4.176.6, 4.176.7, 4.176.8, 4.176.9, 4.177.0, 4.177.1, 4.177.2, 4.177.3, 4.177.4, 4.177.5, 4.177.6, 4.177.7, 4.177.8, 4.177.9, 4.177.10, 4.177.11, 4.177.12, 4.178.0, 4.179.0, 4.179.1, 4.179.2, 4.179.3, 4.179.4, 4.179.5, 4.179.6, 4.180.0, 4.181.0, 4.181.1, 4.181.2, 4.181.3, 4.181.4, 4.181.5, 4.182.0, 4.182.1, 4.183.0, 4.184.0, 4.185.0, 4.186.0, 4.186.1, 4.186.2, 4.186.3, 4.186.4, 4.186.5, 4.186.6, 4.186.7, 4.186.8, 4.186.9, 4.187.0, 4.187.1, 4.187.2, 4.187.3, 4.187.4, 4.187.5, 4.188.0, 4.189.0, 4.189.1, 4.189.2, 4.190.0, 4.190.1, 4.190.2, 4.190.3, 4.191.0, 4.191.1, 4.191.2, 4.191.3, 4.191.4, 4.192.0, 4.193.0, 4.193.1, 4.193.2, 4.193.3, 4.193.4, 4.193.5, 4.194.0, 4.194.1, 4.194.2, 4.194.3, 4.195.0, 4.195.1, 4.195.2, 4.195.3, 4.196.0, 4.196.1, 4.196.2, 4.196.3, 4.196.4, 4.196.5, 4.196.6, 4.196.7, 4.196.8, 4.197.0, 4.197.1, 4.197.2, 4.198.0, 4.198.1, 4.198.2, 4.199.0, 4.200.0, 4.201.0, 4.202.0, 4.202.1, 4.202.2, 4.202.3, 4.202.4, 4.203.0, 4.203.1, 4.203.2, 4.203.3, 4.203.4