Description
All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API.
Remediation
References
https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610
https://updates.snyk.io/snyk-broker-security-fixes-152338
Related Vulnerabilities
CVE-2020-5219 Vulnerability in npm package angular-expressions
CVE-2013-2172 Vulnerability in maven package org.apache.santuario:xmlsec
CVE-2021-32860 Vulnerability in maven package org.webjars.npm:izimodal
CVE-2023-25576 Vulnerability in npm package @fastify/multipart
CVE-2012-3451 Vulnerability in maven package org.apache.cxf:cxf-bundle-jaxrs