0.001 Low
EPSS
Percentile
26.5%
glance is vulnerable to Path Traversal. The vulnerability exists because the library does not properly sanitize relative paths in index.js, allowing an attacker to read files outside the public root directory by providing malicious relative paths.
index.js
github.com/advisories/GHSA-3hjh-5hgx-f5wh
github.com/jarofghosts/glance/commit/8cecfe90286e0c45a5494067f1b592d0ccfeabac
github.com/jarofghosts/glance/pull/28