Description
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. The flaw allows users with access to Snyk's internal network to read any file ending in one of the following extensions: yaml, yml or json.
Remediation
References
https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609
https://updates.snyk.io/snyk-broker-security-fixes-152338