cbcvebase.
CVE-2022-25937
published 2023-02-13

CVE-2022-25937: Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is…

PriorityP337medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
1.11%
61.8th percentile
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129).

Affected

2 ranges
VendorProductVersion rangeFixed in
glance_projectglance< 3.0.93.0.9
glance_projectglance>= 0 < 3.0.93.0.9

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ghsa6.5MEDIUM
osv6.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.