CVE-2020-7650

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-7650

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7650.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-7650

Aliases

GHSA-2fmp-7xwf-wvwr

Related

SNYK-JS-SNYKBROKER-570609

Published

2020-05-29T22:15:10Z

Modified

2025-02-19T03:12:39.008185Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.

References

Affected packages

Git / github.com/snyk/broker

Affected ranges

Type: GIT
Repo: https://github.com/snyk/broker
Events: Introduced

2df4fd6c9cbdd44907e155466e4f91abe45da8b9

Fixed

db5c5f5e977f17c72c1f7cf645456ab7abf4e078

Affected versions

v4.*

v4.72.0

v4.72.1

v4.72.2

v4.73.0