CVE-2020-7651

MEDIUM4.3EPSS 0.23%

Arbitrary File Read in Snyk Broker

Published: 6/3/2020Modified: 3/13/2026

Description

All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API.

Affected packages (1)

npm/snyk-brokerfrom 0, < 4.79.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-7651
WEBhttps://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610
WEBhttps://updates.snyk.io/snyk-broker-security-fixes-152338