Overview
- Description
- Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129).
- Source
- report@snyk.io
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glance_project:glance:*:*:*:*:*:node.js:*:*",
"vulnerable": true,
"matchCriteriaId": "D7F45B5B-1E0E-4919-9C6B-3E2CCF198F95",
"versionEndExcluding": "3.0.9"
}
],
"operator": "OR"
}
]
}
]