CVE-2020-7651
Arbitrary File Read in Snyk Broker
CVSS 3.1: 4.3 (MEDIUM)
EPSS: 0.23%
Description
All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API.
How to fix CVE-2020-7651
To remediate CVE-2020-7651, upgrade the affected package to a fixed version below.
- npm/snyk-broker: upgrade to 4.79.0 or later
Is CVE-2020-7651 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- npm/snyk-broker: from 0, < 4.79.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |