CVE-2022-25937
Path traversal vulnerability in glance
6.5
MEDIUM
CVSS 3.1
EPSS 0.74%
Description
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129).
How to fix CVE-2022-25937
To remediate CVE-2022-25937, upgrade the affected package to a fixed version below.
- —upgrade to 3.0.9 or later
Is CVE-2022-25937 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.0.9
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |