CVE-2022-25937 – glance
Package
Manager: npm
Name: glance
Vulnerable Version: >=0 <3.0.9
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00215 (percentile 0.44041)
Details
Path traversal vulnerability in glance
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129).
Metadata
Created: 2023-02-13T06:30:59Z
Modified: 2025-03-21T15:36:05Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-3hjh-5hgx-f5wh/GHSA-3hjh-5hgx-f5wh.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-3hjh-5hgx-f5wh
Finding: F063
Auto approve: 1