Description
This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal.
Remediation
References
https://github.com/snyk/broker/commit/90e0bac07a800b7c4c6646097c9c89d6b878b429
https://security.snyk.io/vuln/SNYK-JS-SNYKBROKER-570608
https://updates.snyk.io/snyk-broker-security-fixes-152338
Related Vulnerabilities
CVE-2022-24279 Vulnerability in npm package madlib-object-utils
CVE-2022-35915 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts
CVE-2023-26480 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livedata-macro
CVE-2022-31190 Vulnerability in maven package org.dspace:dspace-xmlui
CVE-2023-45133 Vulnerability in maven package org.webjars.npm:babel-traverse