CVE-2022-25937
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P
Summary
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in CVE-2018-3715.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | glance | 0 < 3.0.9 | affected |
Weaknesses
- CWE-22: Directory Traversal
ADP Enrichment
CVE Program Container
Additional References
- https://security.snyk.io/vuln/SNYK-JS-GLANCE-3318395
- https://github.com/jarofghosts/glance/commit/8cecfe90286e0c45a5494067f1b592d0ccfeabac
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://security.snyk.io/vuln/SNYK-JS-GLANCE-3318395
- https://github.com/jarofghosts/glance/commit/8cecfe90286e0c45a5494067f1b592d0ccfeabac
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.