Lucene search
K

81 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:0 a.m.10 views

CVE-2020-7648

All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. package.json...

6.5CVSS7AI score0.0113EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:59 a.m.10 views

CVE-2020-7653

All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths...

6.5CVSS6.9AI score0.0113EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:59 a.m.10 views

CVE-2020-7650

All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json...

6.5CVSS6.9AI score0.0113EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:58 a.m.10 views

CVE-2020-7654

All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG...

7.5CVSS6.8AI score0.01122EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2020-0448

Malware in sbrugna...

6.5CVSS6.4AI score0.0113EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-0476

Malware in sbrugna...

6.5CVSS6.4AI score0.0113EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-0523

Malware in sbrugna...

6.5CVSS6.4AI score0.01685EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-0459

Malware in sbrugna...

6.5CVSS6.4AI score0.0113EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-0455

Malware in sbrugna...

4.3CVSS4.7AI score0.01115EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-0498

Malware in sbrugna...

7.5CVSS7.5AI score0.01122EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-6340

Malicious code in bioql PyPI...

4.9CVSS5.1AI score0.01307EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/22 5:52 p.m.10 views

CVE-2020-7652

All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal...

6.5CVSS7AI score0.01685EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:49 p.m.11 views

CVE-2020-7651

All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API...

4.3CVSS6.7AI score0.01115EPSS
Exploits0References1
Veracode
Veracode
added 2022/07/26 6:10 a.m.21 views

Directory Traversal

snyk-broker is vulnerable to directory traversal. The vulnerability exists in exports function in index.js when reading configs which allows an attacker to traverse through the directories to read and write on files...

4.9CVSS5.4AI score0.01307EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/07/26 12:1 a.m.23 views

GHSA-GQ75-5GC3-RFWG snyk-broker Path Traversal before v4.73.0

This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal...

4.9CVSS5.1AI score0.01307EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2022/07/26 12:1 a.m.22 views

snyk-broker Path Traversal before v4.73.0

This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal...

4.9CVSS5.6AI score0.01307EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2022/07/25 2:15 p.m.20 views

CVE-2020-7649

This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal...

4.9CVSS0.01307EPSS
Exploits1References3
OSV
OSV
added 2022/07/25 2:15 p.m.15 views

CVE-2020-7649

This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal...

4.9CVSS5.3AI score
Exploits0References3
CVE
CVE
added 2022/07/25 2:7 p.m.57 views

CVE-2020-7649

CVE-2020-7649 affects the package snyk-broker prior to version 4.73.0. The vulnerability is a directory traversal issue (in the exports function when reading configs) that allows an attacker with access to Snyk’s internal network to read arbitrary files. Impact: confidentiality of data could be e...

4.9CVSS5.1AI score0.01307EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2022/07/25 12:0 a.m.3 views

snyk-broker 路径遍历漏洞

snyk-broker is a proxy program for access between snyk.io and Git repositories. A security vulnerability exists in snyk-broker versions prior to 4.73.0, which stems from the package's susceptibility to directory traversal, and can be exploited by an attacker to access read arbitrary files...

4.9CVSS5.5AI score0.01307EPSS
Exploits1References4
Rows per page
Query Builder