CVE-2020-7653

MEDIUM6.5EPSS 0.39%

Arbitrary File Read in Snyk Broker

Published: 6/3/2020Modified: 3/13/2026

Description

All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths.

Affected packages (1)

npm/snyk-brokerfrom 0, < 4.80.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-7653
WEBhttps://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612
WEBhttps://updates.snyk.io/snyk-broker-security-fixes-152338