CVE-2020-7650

MEDIUM6.5EPSS 0.39%

Arbitrary File Read in Snyk Broker

Published: 6/3/2020Modified: 3/13/2026

Description

All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.

Affected packages (1)

npm/snyk-brokerfrom 0, < 4.73.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-7650
WEBhttps://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609
WEBhttps://updates.snyk.io/snyk-broker-security-fixes-152338