CVE-2020-7653

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-7653

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7653.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-7653

Aliases

GHSA-4vj3-f849-5r48

Related

SNYK-JS-SNYKBROKER-570612

Published

2020-05-29T21:15:10.227Z

Modified

2025-11-14T11:08:33.637810Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths.

References

Affected packages

Git / github.com/snyk/broker

Affected ranges

Type: GIT
Repo: https://github.com/snyk/broker
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fd222b7b24eafe12c8484fe29e03d32859cd10e5

Affected versions

v1.*

v1.0.0

v1.1.0

v2.*

v2.0.0

v2.0.1

v2.1.0

v2.1.1

v2.2.0

v2.3.0

v2.4.0

v2.4.1

v2.5.0

v2.6.1

v2.7.0

v2.8.0

v3.*

v3.0.0

v3.0.1

v3.1.0

v3.1.1

v3.1.2

v3.10.0

v3.10.1

v3.10.2

v3.11.0

v3.11.1

v3.2.0

v3.3.0

v3.3.1

v3.3.2

v3.4.0

v3.5.0

v3.6.0

v3.6.1

v3.7.0

v3.7.1

v3.7.2

v3.8.0

v3.9.0

v3.9.1

v4.*

v4.10.0

v4.10.1

v4.10.2

v4.11.0

v4.11.1

v4.12.0

v4.13.0

v4.13.1

v4.14.0

v4.14.1

v4.14.2

v4.15.0

v4.15.1

v4.15.2

v4.16.0

v4.16.1

v4.16.2

v4.16.3

v4.17.0

v4.18.0

v4.18.1

v4.18.2

v4.18.3

v4.18.4

v4.19.0

v4.19.1

v4.2.0

v4.20.0

v4.21.0

v4.21.1

v4.22.0

v4.23.0

v4.24.0

v4.24.1

v4.25.0

v4.26.0

v4.26.1

v4.26.2

v4.27.0

v4.28.0

v4.28.1

v4.28.2

v4.28.3

v4.28.4

v4.29.0

v4.3.0

v4.3.1

v4.3.2

v4.30.0

v4.30.1

v4.30.2

v4.30.3

v4.31.0

v4.31.1

v4.31.2

v4.32.0

v4.33.0

v4.33.1

v4.34.0

v4.34.1

v4.35.0

v4.35.1

v4.36.0

v4.37.0

v4.38.0

v4.38.1

v4.39.0

v4.4.0

v4.4.1

v4.4.2

v4.4.3

v4.40.0

v4.41.0

v4.41.1

v4.42.0

v4.43.0

v4.44.0

v4.45.0

v4.45.1

v4.46.0

v4.47.0

v4.47.1

v4.48.0

v4.48.1

v4.48.2

v4.48.3

v4.48.4

v4.49.0

v4.49.1

v4.49.2

v4.49.3

v4.49.4

v4.5.0

v4.50.0

v4.51.0

v4.51.1

v4.52.0

v4.53.0

v4.54.0

v4.55.0

v4.55.1

v4.56.0

v4.57.0

v4.58.0

v4.59.0

v4.59.1

v4.6.0

v4.60.0

v4.61.0

v4.62.0

v4.62.1

v4.63.0

v4.64.0

v4.65.0

v4.66.0

v4.66.1

v4.67.0

v4.68.0

v4.68.1

v4.68.2

v4.68.3

v4.69.0

v4.69.1

v4.69.2

v4.69.3

v4.69.4

v4.69.5

v4.7.0

v4.70.0

v4.71.0

v4.72.0

v4.72.1

v4.72.2

v4.73.0

v4.73.1

v4.74.0

v4.75.0

v4.75.1

v4.75.2

v4.76.0

v4.77.0

v4.78.0

v4.79.0

v4.79.1

v4.8.0

v4.9.0

v4.9.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7653.json"