Home > Vulnerability Database > CVE-2022-25937

Mend.io Vulnerability Database

CVE-2022-25937

Good to know:

Date: February 13, 2023

Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in "CVE-2018-3715" (https://security.snyk.io/vuln/npm:glance:20180129).

Language: JS

Severity Score

6.5

Related Resources (5)

Url: https://github.com/jarofghosts/glance

Url: https://github.com/jarofghosts/glance/commit/8cecfe90286e0c45a5494067f1b592d0ccfeabac

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-25937

Url: https://gist.github.com/lirantal/c8cfb0398c78e558b7d4ac02aae67809

Url: https://www.mend.io/vulnerability-database/CVE-2022-25937

Severity Score

6.5

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Top Fix

Upgrade Version

Upgrade to version glance - 3.0.9

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-25937

Good to know:

Date: February 13, 2023

Language: JS

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?