Description
glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path.
Remediation
References
https://github.com/jarofghosts/glance/commit/8cfd88e44ebd3f07e3a2eaf376a3e758b6c4ca19
https://hackerone.com/reports/310106
Related Vulnerabilities
CVE-2022-25766 Vulnerability in npm package ungit
CVE-2020-15362 Vulnerability in npm package wifiscanner
CVE-2020-28487 Vulnerability in maven package org.webjars.bowergithub.visjs:vis-timeline
CVE-2022-0122 Vulnerability in npm package node-forge
CVE-2020-28426 Vulnerability in npm package kill-process-on-port