Lookup for vulnerable packages by Package URL.
| Purl | pkg:npm/snyk-broker@4.4.3 |
|---|
| Type | npm |
|---|
| Namespace | |
|---|
| Name | snyk-broker |
|---|
| Version | 4.4.3 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | true |
|---|
| Next_non_vulnerable_version | 4.80.0 |
|---|
| Latest_non_vulnerable_version | 4.80.0 |
|---|
| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-4rqx-m8z2-xyfx |
| vulnerability_id |
VCID-4rqx-m8z2-xyfx |
| summary |
Information Exposure
snyk-broker is vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a path e.g., `#package.json`. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-7648, GHSA-9xv2-548x-5h79
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4rqx-m8z2-xyfx |
|
| 1 |
| url |
VCID-581p-rh6t-uqeu |
| vulnerability_id |
VCID-581p-rh6t-uqeu |
| summary |
Information Exposure
snyk-broker is vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-7651, GHSA-45hw-29x7-9x95
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-581p-rh6t-uqeu |
|
| 2 |
| url |
VCID-j98t-ahrh-jkfb |
| vulnerability_id |
VCID-j98t-ahrh-jkfb |
| summary |
Information Exposure
snyk-broker is vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match certain paths. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-7653, GHSA-4vj3-f849-5r48
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j98t-ahrh-jkfb |
|
| 3 |
| url |
VCID-n26x-qjyj-juf7 |
| vulnerability_id |
VCID-n26x-qjyj-juf7 |
| summary |
Path Traversal
snyk-broker is vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-7652, GHSA-x7m2-6g99-84w5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n26x-qjyj-juf7 |
|
| 4 |
|
|
|---|
| Fixing_vulnerabilities |
|
|---|
| Risk_score | 4.0 |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:npm/snyk-broker@4.4.3 |
|---|