Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129).
References
Link | Resource |
---|---|
https://github.com/jarofghosts/glance/commit/8cecfe90286e0c45a5494067f1b592d0ccfeabac | Patch |
https://security.snyk.io/vuln/SNYK-JS-GLANCE-3318395 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2023-02-13T05:00:01.128Z
Updated:
Reserved: 2022-02-24T11:58:27.018Z
Link: CVE-2022-25937
JSON object: View
NVD Information
Status : Modified
Published: 2023-02-13T05:15:12.807
Modified: 2023-11-07T03:44:53.567
Link: CVE-2022-25937
JSON object: View
Redhat Information
No data.
CWE