Description
All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API.
Remediation
References
https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610
https://updates.snyk.io/snyk-broker-security-fixes-152338
Related Vulnerabilities
CVE-2022-31170 Vulnerability in npm package @openzeppelin/contracts
CVE-2017-18239 Vulnerability in maven package com.jason-goodwin:authentikat-jwt_2.11
CVE-2022-29167 Vulnerability in maven package org.webjars.npm:hawk
CVE-2023-46651 Vulnerability in maven package io.jenkins.plugins:warnings-ng
CVE-2017-5638 Vulnerability in maven package org.apache.struts:struts2-core