CVE-2022-25937

CVSS 6.5 MEDIUM · EPSS 1.1% · CWE-22
Vexday Risk Score
13 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5 · EPSS 1.1% · KEV no · PoC · Nuclei · Metasploit · Patch
Lifecycle
13 Feb 2023: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129).
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P
Affected products
n/a · glance