Home > Vulnerability Database > CVE-2022-25937

Mend.io Vulnerability Database

CVE-2022-25937

Good to know:

Date: February 13, 2023

Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129).

Language: JS

Severity Score

6.5

Related Resources (3)

Url: https://github.com/jarofghosts/glance/commit/8cecfe90286e0c45a5494067f1b592d0ccfeabac

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-25937

Url: https://www.mend.io/vulnerability-database/CVE-2022-25937

Severity Score

6.5

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version glance - 3.0.9

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-25937

Good to know:

Date: February 13, 2023

Language: JS

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?