CVE-2020-7653
Arbitrary File Read in Snyk Broker
CVSS 3.1: 6.5 (MEDIUM)
EPSS: 0.39%
Description
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths.
How to fix CVE-2020-7653
To remediate CVE-2020-7653, upgrade the affected package to a fixed version below.
- npm/snyk-broker: upgrade to 4.80.0 or later
Is CVE-2020-7653 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- npm/snyk-broker: from 0, < 4.80.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |