CVE-2020-7650
MEDIUM
Snyk Broker 4.72.0-4.73.1 - Arbitrary File Read via YAML/JSON File Extension Handling
Title source: llm
Description
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows users with access to Snyk's internal network to read arbitrary files ending in the following extensions: yaml, yml or json.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://updates.snyk.io/snyk-broker-security-fixes-152338
Patch, Vendor Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609
Scores
CVSS v3
6.5
EPSS
0.0113
EPSS Percentile
62.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (2)
npm/snyk-broker
0 - 4.73.1 (npm)
synk/broker
4.72.0 - 4.73.1
Published
May 29, 2020
Tracked Since
Feb 18, 2026