← back
CVE-2022-25937

CVE-2022-25937

CVSS 6.5 MEDIUMEPSS 1.1%CWE-22
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129).
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P
Affected products
n/a · glance

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/jarofghosts/glance/commit/8cecfe90286e0c45a5494067f1b592d0ccfeabachttps://security.snyk.io/vuln/SNYK-JS-GLANCE-3318395