CVE-2022-25937
MEDIUM6.5EPSS 0.74%Path traversal vulnerability in glance
Published: 2/13/2023Modified: 3/21/2025
Also known as:GHSA-3hjh-5hgx-f5wh
Description
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129).
Affected packages (1)
- npm/glancefrom 0, < 3.0.9
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References (5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-25937
- PATCHhttps://github.com/jarofghosts/glance
- WEBhttps://gist.github.com/lirantal/c8cfb0398c78e558b7d4ac02aae67809
- WEBhttps://github.com/jarofghosts/glance/commit/8cecfe90286e0c45a5494067f1b592d0ccfeabac
- WEBhttps://security.snyk.io/vuln/SNYK-JS-GLANCE-3318395