VDB
KO
MEDIUM 4.3

GHSA-45hw-29x7-9x95

Arbitrary File Read in Snyk Broker

Details

All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / snyk-broker
Introduced in: 0 Fixed in: 4.79.0
Fix npm install snyk-broker@4.79.0

References