2 matches found
CVE-2022-25937
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in CVE-2018-3715...
CVE-2022-25937
CVE-2022-25937 affects the npm package “glance.” Versions before 3.0.9 are vulnerable to a directory traversal flaw that allows reading files outside the public root directory. The issue is a root-cause in path handling and is related to but distinct from CVE-2018-3715. The commonly cited fix is ...