CVE-2022-25937
published 2023-02-13
Priority: P337 · medium · 6.5 · CVSS 3.1
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.11% (61.8th percentile)
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| glance_project | glance | < 3.0.9 | 3.0.9 |
| glance_project | glance | >= 0 < 3.0.9 | 3.0.9 |
CVSS provenance
nvd · v3.1 · 6.5 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ghsa · 6.5 · MEDIUM
osv · 6.5 · MEDIUM
GHSA
Path traversal vulnerability in glance
ghsa·2023-02-13·CVSS 6.5
CVE-2022-25937 [MEDIUM] CWE-22 Path traversal vulnerability in glance
OSV
Path traversal vulnerability in glance
osv·2023-02-13·CVSS 6.5
CVE-2022-25937 [MEDIUM] Path traversal vulnerability in glance
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-02-13