CVE-2022-25937 — Path Traversal in Project Glance

CWE-22 — Path Traversal4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.7%

top 26.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Glance Project Glance

Timeline

PublishedFeb 13

Description

Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5glance_project/glance< 3.0.9

▶NVDglance_project/glance< 3.0.9

▶npmglance_project/glance< 3.0.9

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

CVE-2022-25937: Versions of the package glance before 3↗2023-02-13

▶

GHSA

Path traversal vulnerability in glance↗2023-02-13

▶

OSV

Path traversal vulnerability in glance↗2023-02-13

▶