CVE-2020-7653
N/A
N/A
Summary
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | snyk-broker | All versions before 4.80.0 | affected |
Weaknesses
- Arbitrary File Read
ADP Enrichment
CVE Program Container
Additional References
- https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612
- https://updates.snyk.io/snyk-broker-security-fixes-152338
References
- https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612
- https://updates.snyk.io/snyk-broker-security-fixes-152338
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.