CVE-2022-25937
CVE-2022-25937
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
13 Feb 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129).
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P
Affected products
n/a · glance