CVE-2022-25937
MEDIUM 6.5 | EPSS 0.74% | Path traversal vulnerability in glance
Published: 2023/2/13 | Modified: 2025/3/21
Description
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129).
Affected packages (1)
- npm/glance: from 0, < 3.0.9
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2022-25937
- PATCH: https://github.com/jarofghosts/glance
- WEB: https://gist.github.com/lirantal/c8cfb0398c78e558b7d4ac02aae67809
- WEB: https://github.com/jarofghosts/glance/commit/8cecfe90286e0c45a5494067f1b592d0ccfeabac
- WEB: https://security.snyk.io/vuln/SNYK-JS-GLANCE-3318395