Description

Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129).

Remediation

References

https://github.com/jarofghosts/glance/commit/8cecfe90286e0c45a5494067f1b592d0ccfeabac

https://security.snyk.io/vuln/SNYK-JS-GLANCE-3318395

Related Vulnerabilities

CVE-2022-23708 Vulnerability in maven package org.elasticsearch:elasticsearch

CVE-2023-30527 Vulnerability in maven package org.jenkins-ci.plugins:wso2id-oauth

CVE-2021-41183 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui

CVE-2021-21318 Vulnerability in maven package org.opencastproject:opencast-search-service-impl

CVE-2022-3783 Vulnerability in npm package node-red-dashboard

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Patch Exploit Third Party Advisory