Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-25937 Vulnerability in npm package glance

Description

Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129).

Remediation

References

https://github.com/jarofghosts/glance/commit/8cecfe90286e0c45a5494067f1b592d0ccfeabac

https://security.snyk.io/vuln/SNYK-JS-GLANCE-3318395

Related Vulnerabilities

CVE-2022-32210 Vulnerability in maven package org.webjars.npm:undici

CVE-2023-37956 Vulnerability in maven package org.jenkins-ci.plugins:test-results-aggregator

CVE-2023-30517 Vulnerability in maven package io.jenkins.plugins:neuvector-vulnerability-scanner

CVE-2021-46708 Vulnerability in maven package com.microfocus.webjars:swagger-ui-dist

CVE-2020-28436 Vulnerability in npm package google-cloudstorage-commands

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Patch Exploit Third Party Advisory