CVE-2020-7650
Arbitrary File Read in Snyk Broker
6.5
MEDIUM
CVSS 3.1
EPSS 0.39%
Description
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows users with access to Snyk's internal network to read arbitrary files ending in the following extensions: yaml, yml or json.
How to fix CVE-2020-7650
To remediate CVE-2020-7650, upgrade the affected package to a fixed version below.
- upgrade to 4.73.1 or later
Is CVE-2020-7650 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.73.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |