Description
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths.
Remediation
References
https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612
https://updates.snyk.io/snyk-broker-security-fixes-152338
Related Vulnerabilities
CVE-2019-0205 Vulnerability in maven package org.apache.thrift:libthrift
CVE-2021-22134 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2017-4971 Vulnerability in maven package org.springframework.webflow:spring-webflow
CVE-2017-20165 Vulnerability in maven package org.webjars.npm:debug