81 matches found
CVE-2020-7648
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. package.json...
CVE-2020-7653
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths...
CVE-2020-7650
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json...
CVE-2020-7654
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG...
EUVD-2020-0448
Malware in sbrugna...
EUVD-2020-0476
Malware in sbrugna...
EUVD-2020-0523
Malware in sbrugna...
EUVD-2020-0459
Malware in sbrugna...
EUVD-2020-0455
Malware in sbrugna...
EUVD-2020-0498
Malware in sbrugna...
EUVD-2022-6340
Malicious code in bioql PyPI...
CVE-2020-7652
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal...
CVE-2020-7651
All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API...
Directory Traversal
snyk-broker is vulnerable to directory traversal. The vulnerability exists in exports function in index.js when reading configs which allows an attacker to traverse through the directories to read and write on files...
GHSA-GQ75-5GC3-RFWG snyk-broker Path Traversal before v4.73.0
This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal...
snyk-broker Path Traversal before v4.73.0
This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal...
CVE-2020-7649
This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal...
CVE-2020-7649
This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal...
CVE-2020-7649
CVE-2020-7649 affects the package snyk-broker prior to version 4.73.0. The vulnerability is a directory traversal issue (in the exports function when reading configs) that allows an attacker with access to Snyk’s internal network to read arbitrary files. Impact: confidentiality of data could be e...
snyk-broker 路径遍历漏洞
snyk-broker is a proxy program for access between snyk.io and Git repositories. A security vulnerability exists in snyk-broker versions prior to 4.73.0, which stems from the package's susceptibility to directory traversal, and can be exploited by an attacker to access read arbitrary files...