Description
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths.
Remediation
References
https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612
https://updates.snyk.io/snyk-broker-security-fixes-152338
Related Vulnerabilities
CVE-2014-0113 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2023-45137 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2023-34468 Vulnerability in maven package org.apache.nifi:nifi-hikari-dbcp-service
CVE-2023-24457 Vulnerability in maven package org.jenkins-ci.plugins:keycloak
CVE-2019-19135 Vulnerability in maven package org.eclipse.milo:sdk-client